Any Product Marketing professional worth their salt will have read the seminal “Crossing the Chasm” book, which highlights how technology products go through an adoption lifecycle. In this book, five stages are outlined: innovators, early adopters, early majority, late majority, and laggards. To be successful, technologies must bridge the gap between early adopters and the early majority.
OK… so where am I going with this? When chatting with colleagues from Photon, it struck me that the cybercriminals also adopt these business models and processes. There are too many comparisons to draw in just this blog; ransomware affiliate models, recruitment drives, and division of labor are the obvious ones. However, the shining example of the Technology Adoption Lifecycle in action is Genesis Market, a criminal market our team first identified and blogged about three years ago. Gone are the days of product betas and innovators–this market is now mainstream.
What is Genesis Market?
Genesis is a fully-gated, invitation-only, English-language automated vending cart (AVC) site focused on the sale of digital fingerprints relating to a (victim) user’s computer, browser, and accounts on websites and services. It exists on both the dark web and the clear web since around 2017.
These fingerprints include information about a victim’s account, including username and password, but also other identifiers such as browser cookies, IP addresses, user-agent strings, and other operating system details. Wannabe fraudsters would previously have to source these bits separately, until Genesis came along.
Cybercriminals use these fingerprints to extrapolate account login details, bank access credentials, or bypass anti-fraud solutions either for personal exploitation or ..