
How an investigation into sextortion led to discovery of a criminal underworld

24 Apr 2020

Sextortion continues to be one of the most effective methods of extracting monetary value from victims, used by cyber-attackers around the world.

But according to Sophos, the crimes don’t stop at just sextortion – a recently released report reveals funds gleaned from victims led to an underbelly of criminal activity.

Sextortion is a widely used form of spam attack that accuses the recipient of visiting a pornographic website and threatens to share video evidence with their friends and family unless the recipient pays.

Researchers tracked the origin of millions of sextortion spam emails sent between September last year and February 2020 and were able to decipher what happened to the money deposited by victims.

According to Sophos, the bitcoin extorted from the scams totalled approximately US$500,000, with individual victims on average forced to pay up to $800 into attackers’ coffers.

After tracing the funds, researchers found that the extorted funds were used to support subsequent illicit activity, such as transacting with dark web marketplaces and buying stolen credit card data. 

Other funds were quickly moved through a series of wallet addresses to be consolidated and put through ‘mixers’ in an attempt to launder the transactions or convert them to cash.

“Sextortion scams prey on fear and this makes them an effective way of making quick money,” says SophosLabs security researcher Tamás Kocsír, who led the research.
“Across the five months of our investigation, we saw wave after wave of attacks, often taking place over the weekend and sometimes accounting for up to a fifth of all spam tracked at SophosLabs. 

“And while most recipients either didn’t open the email or didn’t pay, enough of them did to net the attackers around 50.9 bitcoin, equivalent to nearly $500,000.”

The scams exploited global botnets on compromised PCs to dispatch millions of spam emails to recipients around the world, according to Sophos.

The top 10 countries where these compromised computers were used to dispatch the spam messages were Vietnam, Brazil, Argentina, the Republic of Korea, India, Italy, Mexico, Poland, Colombia, and Peru. Of the messages, 81% were in English, 10% were in Italian, 4% were in German, 3.5% were in French, and 1.2% were in Chinese.

“Spam campaigns are relatively cheap and easy to implement, but the assumption that this means they are launched only by low-skilled, opportunistic attackers could be inaccurate,” says Kocsír.

“Our research found that some of the scam emails featured innovative obfuscation techniques designed to bypass anti-spam filters. 

“Examples of this include breaking up the words with invisible random strings, inserting blocks of white garbage text, or adding words in the Cyrillic alphabet to confuse machine scanning. 

“These are not beginner techniques and they are a good reminder that spam attacks of any kind should be taken seriously,” says Kocsír.

“A robust approach to cybersecurity is essential. If you are worried about becoming the target of a sextortion scam, disable or cover the camera on your computer.”
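
For mail-filter engineers, the obfuscation techniques quoted above (invisible strings splitting words, white filler text, Cyrillic letters inside words) can be surfaced before content scanning. The following is an added example, not code from Sophos or the report; it assumes "invisible" means CSS-hidden HTML elements or zero-width Unicode characters, and the sample message is constructed.

```python
import re
import unicodedata
from html.parser import HTMLParser

# Assumption: hidden text is styled with display:none, font-size:0 or white colour.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|font-size\s*:\s*0(?![.\d])"
    r"|(?<![-\w])color\s*:\s*(#fff(fff)?\b|white)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}

class VisibleText(HTMLParser):
    """Splits an HTML body into text a reader sees and text hidden by styling."""
    def __init__(self):
        super().__init__()
        self.stack, self.visible, self.hidden = [], [], []
    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack and self.stack[-1])  # children of hidden stay hidden
        self.stack.append(inherited or bool(HIDDEN_CSS.search(style)))
    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        in_hidden = bool(self.stack and self.stack[-1])
        (self.hidden if in_hidden else self.visible).append(data)

def script_of(ch):
    name = unicodedata.name(ch, "")
    return next((s for s in ("LATIN", "CYRILLIC") if name.startswith(s)), None)

def analyse(html_body):
    parser = VisibleText()
    parser.feed(html_body)
    parser.close()
    raw = "".join(parser.visible)
    # Category Cf covers zero-width space/joiner, soft hyphen and BOM.
    zero_width = sum(1 for c in raw if unicodedata.category(c) == "Cf")
    clean = "".join(c for c in raw if unicodedata.category(c) != "Cf")
    mixed = [w for w in re.findall(r"\w+", clean)
             if {script_of(c) for c in w if c.isalpha()} >= {"LATIN", "CYRILLIC"}]
    hidden_chars = sum(len(s) for s in parser.hidden)
    return {"clean_text": " ".join(clean.split()), "zero_width": zero_width,
            "mixed_script_words": mixed, "hidden_chars": hidden_chars,
            "suspicious": bool(zero_width or mixed or hidden_chars > len(clean))}

# Constructed sample: hidden span inside a word, a zero-width space, a Cyrillic "с".
SAMPLE = ('<p>I have your pass<span style="font-size:0">xk3q9</span>word and '
          'rec\u200borded you. Send bit\u0441oin.</p>'
          '<div style="color:#ffffff">lorem garbage filler text block padding</div>')
```

Running content rules against `clean_text` rather than the raw body lets existing keyword filters match the de-obfuscated words, while the counters serve as standalone scoring signals.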
