
How an investigation into sextortion led to discovery of a criminal underworld

24 Apr 2020

Sextortion continues to be one of the most effective methods of extracting monetary value from victims, used by cyber-attackers around the world.

But according to Sophos, the crimes don’t stop at just sextortion – a recently released report reveals funds gleaned from victims led to an underbelly of criminal activity.

Sextortion is a widely used form of spam attack that accuses the recipient of visiting a pornographic website and threatens to share video evidence with their friends and family unless the recipient pays.

Researchers tracked the origin of millions of sextortion spam emails sent between September last year and February 2020 and were able to decipher what happened to the money deposited by victims.

According to Sophos, the bitcoin extorted from the scams totalled approximately US$500,000, with individual victims on average forced to pay up to $800 into attackers’ coffers.

After tracing the funds, researchers found that the extorted funds were used to support subsequent illicit activity, such as transacting with dark web marketplaces and buying stolen credit card data. 

Other funds were quickly moved through a series of wallet addresses to be consolidated and put through ‘mixers’ in an attempt to launder the transactions or convert them to cash.

“Sextortion scams prey on fear and this makes them an effective way of making quick money,” says SophosLabs security researcher Tamás Kocsír, who led the research.

“Across the five months of our investigation, we saw wave after wave of attacks, often taking place over the weekend and sometimes accounting for up to a fifth of all spam tracked at SophosLabs.

“And while most recipients either didn’t open the email or didn’t pay, enough of them did to net the attackers around 50.9 bitcoin, equivalent to nearly $500,000.”

The scams exploited global botnets on compromised PCs to dispatch millions of spam emails to recipients around the world, according to Sophos.

Vietnam, Brazil, Argentina, the Republic of Korea, India, Italy, Mexico, Poland, Colombia, and Peru are the top 10 countries where these compromised computers were used to dispatch the spam messages, of which 81% were in English, 10% were in Italian, 4% were in German, 3.5% were in French, and 1.2% were in Chinese.

“Spam campaigns are relatively cheap and easy to implement, but the assumption that this means they are launched only by low-skilled, opportunistic attackers could be inaccurate,” says Kocsír.

“Our research found that some of the scam emails featured innovative obfuscation techniques designed to bypass anti-spam filters. 

“Examples of this include breaking up the words with invisible random strings, inserting blocks of white garbage text, or adding words in the Cyrillic alphabet to confuse machine scanning. 

“These are not beginner techniques and they are a good reminder that spam attacks of any kind should be taken seriously,” says Kocsír.

“A robust approach to cybersecurity is essential. If you are worried about becoming the target of a sextortion scam, disable or cover the camera on your computer.”
