A hoax bomb campaign that rattled organizations across the US and Canada at the end of last week was launched by attackers previously known for individually targeted sextortion scams.
Jaeson Schultz, technical leader of the Cisco Talos Security Intelligence & Research Group, explained in a blog post that the attackers had clearly decided to threaten a much larger number of people than before.
“So far, all of the samples Talos has found to be associated with the bomb threat attack were sent from IP addresses belonging to the domain registrar and hosting company reg.ru, suggesting that the attackers in this case may have compromised credentials for domains that are hosted at this particular domain registrar,” he continued.
“Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign. In those cases, the attackers sent out emails claiming to have compromising videos of the victim, which they would release to the public unless the attacker received a Bitcoin payment.”
The good news is that no organization targeted last week appears to have paid: of the 17 Bitcoin addresses used in the attack, only two had a positive balance, and even these held under $1 each, Schultz said.
However, the attackers have already moved on to another tactic, using IP addresses in Russia that were likely compromised to send a new batch of extortion emails.
These revert to the original approach of targeting individuals rather than organizations, and threaten to throw acid on the recipient unless money is paid in Bitcoin.
“The criminals conducting these extortion email attacks have demonstrated that they are willing to concoct any threat and story imaginable that they believe would fool the recipient,” concluded Schultz.
“At this point, we have seen several different variations of these emails, and we expect these sorts of attacks to continue as long as there are victims who will believe these threats to be credible, and be scared enough to send money to the attackers.”
Recipients are urged to ignore any such unsolicited email threats and not to pay.