Criminals Use Stolen Data in Sextortion Campaigns

Cyber-criminals have started to diversify their online extortion techniques, using extortion-based attacks to earn more than $330,000, according to Digital Shadows.

The ability of blackmailers to instill fear in victims by promising to leak compromising information has grown exponentially since ransomware emerged in 2010. A new report published by Digital Shadows, A Tale of Epic Extortions, found that cyber-criminals are using stolen credentials in sextortion campaigns.

“Across a subset of sextortion-style campaigns tracked by Digital Shadows, extortionists used exposed credentials found on public lists and paste sites to convince victims they had been compromised,” researchers wrote.

Extortionists have also adopted crowdfunding models as a new tactic to raise more funds. Rather than targeting the individual whose sensitive information was exposed, attackers are turning to crowdfunding in place of direct extortion, researchers said.

“During the second half of 2018, extortionist thedarkoverlord (TDO) reemerged from a brief hiatus. Rather than extort victims directly, TDO looked to sell stolen data in batches to other users on criminal forums,” the report said.

Evidence suggests that there is more to come from TDO, though. “In April 2018, threat actor ‘thedarkoverlord’ stole documents belonging to the insurance provider, Hiscox. This included files related to the 9/11 attacks in the US. The threat actor hoped to play on the public’s appetite for 9/11-related controversy and encourages people to raise funds in order to view the documents. Currently this campaign has amassed some $11,600 (3.46 BTC),” according to a press release.

Researchers also found that attackers tried to exploit vulnerabilities in internet-facing applications to deploy ransomware as a way to earn money. “Attackers such as the SamSam group combine active and passive scanning to find exploitable targets, which can end in significant disruption and financial loss, draining your capacity to conduct normal business.”

Attackers are reportedly targeting individuals with a high net worth and in positions of power within their organizations, according to Rick Holland, CISO and head of the photon research team at Digital Shadows.

“Many threat actor groups are actively on the recruit for members to collaborate with and to help them scale their operations. Widespread and opportunistic extortion campaigns are also lucrative. The social engineering aspects of these emails prey upon the recipients and entice them into paying the extortion amount,” Holland said in the press release.

“Education and minimizing your personal and professional online exposure are essential for thwarting extortionists’ goals. Since the lines between our personal and professional lives are so blurred, firms should educate their staff and tell them never to pay out a sextortion request.”
