sb-as logo
Story image

How an investigation into sextortion led to discovery of a criminal underworld

24 Apr 2020

Sextortion continues to be one of the most effective methods of extracting monetary value from victims, used by cyber-attackers around the world.

But according to Sophos, the crimes don’t stop at just sextortion – a recently released report reveals funds gleaned from victims led to an underbelly of criminal activity.

Sextortion is a widely used form of spam attack that accuses the recipient of visiting a pornographic website and threatens to share video evidence with their friends and family unless the recipient pays.

Researchers tracked the origin of millions of sextortion spam emails sent between September last year and February 2020 and were able to decipher what happened to the money deposited by victims.

According to Sophos, the bitcoin extorted from the scams totalled approximately US$500,000, with individual victims on average forced to pay up to $800 into attackers’ coffers.

After tracing the funds, researchers found that the extorted funds were used to support subsequent illicit activity, such as transacting with dark web marketplaces and buying stolen credit card data. 

Other funds were quickly moved through a series of wallet addresses to be consolidated and put through ‘mixers’ in an attempt to launder the transactions or convert them to cash. 
 
“Sextortion scams prey on fear and this makes them an effective way of making quick money,” says SophosLabs security researcher Tamás Kocsír, who led the research. 
 
“Across the five months of our investigation, we saw wave after wave of attacks, often taking place over the weekend and sometimes accounting for up to a fifth of all spam tracked at SophosLabs. 

“And while most recipients either didn’t open the email or didn’t pay, enough of them did to net the attackers around 50.9 bitcoin, equivalent to nearly $500,000.”
 
The scams exploited global botnets on compromised PCs to dispatch millions of spam emails to recipients around the world, according to Sophos.

Vietnam, Brazil, Argentina, the Republic of Korea, India, Italy, Mexico, Poland, Colombia, and Peru are the top 10 countries where these compromised computers were used to dispatch the spam messages, of which 81% were in English, 10% were in Italian, 4% were in German, 3.5% were in French, and 1.2% were in Chinese. 
 
“Spam campaigns are relatively cheap and easy to implement, but the assumption that this means they are launched only by low-skilled, opportunistic attackers could be inaccurate,” says Kocsír. 

“Our research found that some of the scam emails featured innovative obfuscation techniques designed to bypass anti-spam filters. 

“Examples of this include breaking up the words with invisible random strings, inserting blocks of white garbage text, or adding words in the Cyrillic alphabet to confuse machine scanning. 

“These are not beginner techniques and they are a good reminder that spam attacks of any kind should be taken seriously,” says Kocsír.

“A robust approach to cybersecurity is essential. If you are worried about becoming the target of a sextortion scam, disable or cover the camera on your computer.”

Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
BlueVoyant acquires Managed Sentinel, builds out Microsoft MSS offerings
“Combining Managed Sentinel’s Azure Sentinel deployment expertise with BlueVoyant’s MDR capabilities will help customers operationalise and maximise Microsoft security technologies."More
Story image
BlackBerry, Microsoft enter partnership for Teams integration
"Integrating BlackBerry AtHoc will ensure that any organisation managing critical events using Teams is able to contact, alert, and account for everyone within the organisation directly."More
Story image
UiPath and eSentire bring hyperautomation to Microsoft Security
UiPath and eSentire have announced a strategic partnership to deliver end-to-end security policy automation across multiple Microsoft Security services.More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More