Cops' Genesis Market Seizure: How the Cookie Market Crumbled

John Fokker of Trellix Also Talks Ransomware, Russia's Cyber Operations and More
John Fokker, head of threat intelligence and principal engineer, Trellix Advanced Research Center

For cybersecurity expert John Fokker, the first signs of a law enforcement operation that would eventually shutter one of the world's most notorious cybercrime markets, Genesis, came while he was skiing and received a call from Dutch police. "We have something, but we cannot tell you what it is," they told him, at least not while he was on the ski slopes.

After signing non-disclosure agreements, his team at cybersecurity firm Trellix was tapped by police to help analyze the specialized malware that Genesis Market used to siphon off credential information, including browser cookies and online fingerprints, which the market then resold. Police also asked the team to coordinate with the community and assist victims.

When police seized Genesis Market last month, they found it had handled more than 80 million credentials.

"This was definitely the largest in its class," Fokker said. "It was almost the Amazon of account takeovers."

In this video interview with Information Security Media Group at RSA Conference 2023, Fokker discusses:

  • Mistakes made by Genesis Market, and how Trellix assisted law enforcement with its disruption of the notorious browser cookie market;
  • How Russia-Ukraine war cyber operations continue to evolve, including the use of wiper malware and new leadership for Sandworm;
  • Ransomware groups' increased focus on virtualization environments, including via the ESXiArgs campaign, and his advice for better locking down these environments.

Fokker leads Trellix's threat intelligence group, which empowers industry partners and global law enforcement efforts with 24/7 mission-critical insights into the threat landscape. He previously worked at the Dutch National High-Tech Crime Unit, where he supervised numerous large-scale cybercrime investigations.


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



