Traditionally, cyber extortions have mainly been executed via exposure threats (“pay a cryptocurrency ransom or be embarrassed”), threats of cyberattack (denial of service), or the deployment of ransomware to lock up data, says “digital risk protection firm” Digital Shadows in its latest report, “Tale of Epic Extortions.”
But as individuals and companies become more and more exposed to the Internet (via cloud computing, mobile devices, and, increasingly, the Internet of Things), cybercriminals are “diversifying,” their attacks.
As well, Dark Net markets and forums are increasingly being used to not only sell compromised data and distribute malicious software, but also to recruit neophyte extortion hackers.
Reporting on Digital Shadows’ “Tale of Epic Extortions” publication, Gadget News writes:
“Cyber criminals are actually…training extortionists and even sell something called blackmail guides for as (little) as $10.”
Digital Shadows also claims that Dark Net recruiters are, “promising salaries averaging the equivalent of $360,000 per year to accomplices who can help them target high-worth individuals, such as company executives, lawyers, and doctors with extortion scams…”
The firm adds that this, “…growing market for network accesses, stolen documents, and extortion guides on gated, dark web sites has emboldened novice extortionists.”
Prime targets in the recent round of “sextortion” exploits, says Digital Shadows have included high net-worth individuals (doctors and lawyers, for example) profiled on LinkedIn and then frightened with emails from hackers claiming they have been caught viewing adult sites, for instance.
Digital Shadows says 89 000 individuals received “sextortion” emails in 2018; that these emails were contacted a total of 792 000 times; and that 92 of 3100 unique bitcoin addresses received ransom payments totaling $332 000 USD as a result of extortions.
The company says hackers will often include one of the target’s “known” passwords (likely one previously hacked in a data exploit and sold on the Dark Net) in the sextortion email in order to give claims they hold compromising info on the target more veracity.
Digital Shadows says its latest report on extortions includes, “practical mitigation advice business leaders and network defenders can implement to manage their digital footprints and reduce extortion risks.”