Cybercriminals continue to be a menace all over the world. While their victims keep finding better ways to protect themselves, the criminals keep inventing new ways to breach security protocols. One trend that has become a favorite with cybercriminals is demanding ransom in cryptocurrencies. Easy to send and cash out and harder to trace, they are a godsend to the crooks. According to one report, these criminals made $332,000 in 2018 from sextortion-based email campaigns.
The report revealed a changing landscape which has forced the criminals to change their approach. In the past, when criminals gained access to your email and password, they would quickly target bank accounts and other financial data. However, this has changed.
The criminals have come to realize that once the victim notices the breach, they can change the credentials, which effectively nullifies the threat. They have therefore moved to sextortion. The criminals prove they have hacked the user’s accounts by providing a known password. They then claim to have video footage of the victim watching adult content online.
The report by Digital Shadows, a UK digital risk protection firm, states:
Sextortion-based email campaigns seek to extort victims by threatening to publicly embarrass them for engaging in a sexually explicit act. They claim to have evidence and use previously exposed passwords as “proof” of compromise. These emails have been reported intermittently since late 2017, but the scale and persistence of the campaigns rocketed over 2018.
The Cost of Watching Porn
And the criminals have been hard at work. The report reveals that they sent over 792,000 emails throughout the year to 89,000 email addresses. Each email demanded that the victim send bitcoins to a listed address. The report found that over 3,100 bitcoin addresses sent some funds to at least 92 bitcoin addresses belonging to the criminals.
The payments totaled over $332,000. On average, the criminals received $540 from their victims.
While many victims ended up paying the ransom, the report implied that the criminals never actually had access to the emails.
Of course, an attacker with genuine access to a victim’s machine would have a host of other options available to profit from. This could include logging into online banking sessions, harvesting personally identifiable information (PII) to sell or use for fraud, or stealing sensitive documents.
The attacks were evenly distributed globally, with the servers being based across five continents. Digital Shadows tracked the IP locations of the senders, and Vietnam was the country with the highest proportion. The Southeast Asian country led with 8.5 percent, with Brazil and India following with 5.3 and 4.7 percent respectively.
While this gives some perspective on the origins of the attacks, it could also be quite misleading. Cybercriminals have been known to compromise email servers and use them for spam campaigns.
In what was perhaps the most interesting discovery, the criminals are even recruiting talented hackers. The recruits will mainly be used to target high-net-worth individuals, and the pay is quite lucrative. The criminals pledged to pay at least $30,000 per month, and in one case, $64,000 a month.