A new report shines some light on multiple aspects of the growing threat of cyber-extortion.
Criminals are trying to tempt people with promises of six-figure annual rewards in return for help with cyber-extortion campaigns that target high-net-worth individuals, research by the threat intelligence firm Digital Shadows shows.
The prospective victims, such as corporate executives, lawyers and doctors, are often identified on networking sites, as user profiles there can contain reams of valuable personal data.
One criminal ring offered the equivalent of US$360,000 per year to aspiring extortionists with little technical prowess. Recruits with experience in network management, penetration testing or with coding skills, were promised more than twice as much for ‘putting on the black hat’.
In addition, the report shines light on several other aspects of the cyber-extortion landscape, notably on how crooks find ways to extract cash. For example, the company tracked a sample of sextortion scam campaigns between July 2018 and February 2019 that involved 792,000 extortion attempts against 89,000 unique recipients.
The emails asked the targets to pay up or else face the embarrassment of having video footage of them engaging in sexually explicit behavior or viewing adult content released online. Also, in a bid to make the emails more convincing, the threats often referenced ‘proof of compromise’; that is, sensitive data such as one of the target’s passwords.
Even though the threats are largely believed to be idle and the passwords had been picked up from public lists of breached accounts and largely outdated, a review of 92 Bitcoin wallets linked to the campaign revealed that the gang had made at least US$332,000, or at least US$540 per victim, from that ‘venture’ alone.
In addition, some extortionists monetize stolen information by ‘crowdsourcing’ extortion payments. Rather than blackmail the target itself, or after such attempts have failed, some crooks have deployed a new technique: posting documents online in stages and encouraging the public to raise funds in order to be able to see more. Old methods, such as offering materials for sale on criminal forums, continue to be used, too.
The research also notes the ever-lower barriers to entry for cybercrime, as aspiring cybercrooks can easily buy ready-made extortion materials such as sensitive documents, intellectual property and even blackmail manuals.
written by Tomas Foltyn, ESET We Live Security