Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
Cybercriminals seeking sensitive data on high net-worth individuals will pay aspiring extortionists an average of $360,000 per year to target executives, lawyers, doctors, and other prominent figures, researchers discovered.
The Digital Shadows Photon Research Team today published "A Tale of Epic Extortions," a deep dive into the ways cybercriminals prey on individuals' online exposure. Extortionists take advantage of compromised credentials, sensitive data (documents, intellectual property), and technical vulnerabilities on Internet-facing applications to convince their victims to pay up.
"The extortion landscape is broader and more diverse than any of us thought before we started," says Rafael Amado, senior strategy and research analyst with Digital Shadows.
Oftentimes, he continues, the technical news that resonates with the infosec community is considered esoteric to everyone else. "Extortion has the human element," says Amado. "Attacks on organizations have real-world impact for everyday humans on the street."
It wasn't long ago that online extortion meant blackmailers composing emails that threatened victims with exposure of their personal data. Some warned their targets of a potential cyberattack – for example, a denial-of-service attempt – if demands were ignored. Ransomware emerged in the 2010s, bringing a viable means of coercion and culminating in WannaCry (2017).
Sextortion, SamSam, and Scaled Funding
Today's extortionists are getting creative and finding new ways to earn cash. They're after details of victims' personal lives and/or sensitive corporate data. Sextortion scams, in which criminals claim to have evidence of targets watching sexually explicit content, have skyrocketed.
Between July 2018 and Feb. 2019, Digital Shadows collected and analyzed 792,000 sextortion attempts targeting 89,000 recipients. Criminals amassed $332,000 USD in payments; analysis of Bitcoin wallets linked to attacks shows they could earn $540 per victim, on average.
Full story at DarkReading