Story image

Bin 'em: Those bomb threat emails are complete hoaxes

17 Dec 2018

A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax, but some national cybersecurity agencies are still asking those recipients to call their local authorities.

The Australian Government’s Stay Smart Online website and New Zealand’s Computer Emergency Response Team (CERT) posted bulletins about the emails last week.

CERT NZ says the emails claim an explosive device is hidden in the recipient’s office. Unless the recipients pay the ransom in bitcoin, the device will be detonated.

Newer variations of the emails claim that acid will be thrown at the recipient if they do not pay the ransom.

In a blog, Cisco Talos’ Jaeson Schultz says the sender’s claims are ‘completely false’, but they have caused a lot of damage as organisations have been forced to evacuate and call upon law enforcement. 

“Talos has discovered 17 distinct Bitcoin addresses that were used in the bomb extortion attack. Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed. However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers,” writes Schultz.

Here’s a sample of one that landed in Techday’s editorial inbox:

Schultz says that multiple IPs identified in the bomb threat scam are the same ones that were behind  a flood of sextortion emails earlier this year.

“What makes these particular extortion messages unique from other extortion scams we've monitored is that, previously, the attackers threatened only the individual — the attackers would threaten to expose sensitive data, or even attack the recipient physically, but there was never any threat of harm to a larger group of people, and certainly not the threat of a bomb.”

“While this is likely to be an opportunistic scam, New Zealand Police are working to confirm the validity of the threats until confirmed otherwise. If you receive the email, we encourage you to contact police,” says CERT NZ.

Schultz claims that the criminals behind the emails are willing to come up with any threat in order to fool people.

“At this point, we have seen several different variations of these emails, and we expect these sorts of attacks to continue as long as there are victims who will believe these threats to be credible, and be scared enough to send money to the attackers. Talos encourages users not to fall for these schemes and — above all — DO NOT pay extortion payments. Doing so will only confirm for the attackers that their social engineering approach is working, and victims' money goes directly toward facilitating additional attacks,” Schultz says.

CERT NZ also warns anyone who received the email: •    Do not respond or try to contact the sender. •    Do not pay the ransom or take any further action until you have spoken to police. •    Keep the email as evidence to pass to police. 

Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.