Cops' Genesis Market Seizure: How the Cookie Market Crumbled
John Fokker of Trellix Also Talks Ransomware, Russia's Cyber Operations and More
For cybersecurity expert John Fokker, the first signs of a law enforcement operation that would eventually shutter one of the world's most notorious cybercrime markets, Genesis, came while he was skiing, when he received a call from Dutch police. "We have something, but we cannot tell you what it is," at least while he was on the ski slopes, they told him.
After signing non-disclosure agreements, his team at cybersecurity firm Trellix was tapped by police to help analyze the specialized malware used by Genesis Market to siphon off credential information, including browser cookies and online fingerprints, which the market resold. The team was also asked to coordinate with the community and assist victims.
When police seized Genesis Market last month, they found it had handled more than 80 million credentials.
"This was definitely the largest in its class," Fokker said. "It was almost the Amazon of account takeovers."
In this video interview with Information Security Media Group at RSA Conference 2023, Fokker discusses:
- Mistakes made by Genesis Market, and how Trellix assisted law enforcement with its disruption of the notorious browser cookie market;
- How Russia-Ukraine war cyber operations continue to evolve, including the use of wiper malware and new leadership for Sandworm;
- Ransomware groups' increased focus on virtualization environments, including via the ESXiArgs campaign, and his advice for better locking down these environments.
Fokker leads Trellix's threat intelligence group, which empowers industry partners and global law enforcement efforts with 24/7 mission-critical insights into the threat landscape. He previously worked at the Dutch National High-Tech Crime Unit, where he supervised numerous large-scale cybercrime investigations.