Sextortion blackmail emails sent to 30,000 people every hour

Online extortion campaigns keep growing. This time, data protection specialists report the emergence of a new extortion campaign that uses a network of nearly 500,000 infected devices to send threatening emails.

In this message, hackers threaten to post compromising photos and videos of the victim unless a payment of $800 USD in Bitcoin is made. The email includes some details about the victim, such as usernames and passwords for other platforms, probably collected from data breaches on other sites.

A part of the message sent by the hackers. Source: Check Point

The scope of this attack could reach up to 27 million affected users. In addition, hackers have proven to be able to send up to 30K “sextortion” emails per hour.

Evidence collected so far suggests that only a small portion of the victims have fallen for this scam, although this is not the only concern regarding these hackers. Charles Henderson, IBM’s data protection specialist, mentions: “Botnets can be used for multiple malicious tasks. Massive sending of extortion messages is just one of their possible uses for hackers.”

A botnet is a network of Internet-connected computers or devices that hackers control through a malware variant, usually delivered via infected emails or web pages. With a botnet, attacks can be launched from a large number of machines, which makes it harder to stop the activity and to trace the origin of the attack.

A later report from security firm Check Point mentions that this campaign is using the Phorpiex botnet, active for nearly a decade. According to the leader of this investigation, Yaniv Balmas, it is almost certain that the owners of the machines compromised by this malware would not be able to detect the infection.

Experts also point out that deploying a sextortion campaign through a botnet is an efficient way for hackers to reduce the risk of the message being labeled as spam, although the exact number of victims is still unknown. “In order to reduce the trace of activity, hackers have even limited the number of extortion emails sent by each machine integrated into the botnet,” data protection experts mention.

In addition to analyzing the behavior of this botnet, experts began monitoring the Bitcoin address used by hackers to collect extortion payments, discovering that hackers have accumulated nearly 11 Bitcoins (about 100 thousand dollars). “On average, one in a thousand people must be falling into this trap,” they mention in their report. This is a campaign that requires a high level of planning and wide availability of resources, so it cannot be ruled out that hackers are using this botnet for other malicious tasks, such as denial of service (DoS) attacks or theft of financial information.
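Because each bot sends only a few messages, a per-sender volume rule sees nothing, while the payment address in the message body stays constant across senders. The following is an added example, not code from Check Point or from the original article, showing a mail-gateway triage that pivots on checksum-valid Bitcoin addresses seen from many distinct source IPs; the function names, thresholds and sample messages are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import Counter, defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58 addresses only

def valid_btc_address(addr):
    """Base58Check: 25 decoded bytes whose last 4 are a double-SHA-256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4] == raw[-4:]

def noisy_senders(messages, threshold):
    """Classic volume rule: source IPs that sent more than `threshold` messages."""
    counts = Counter(ip for ip, _ in messages)
    return sorted(ip for ip, c in counts.items() if c > threshold)

def find_campaigns(messages, min_ips=3):
    """Content pivot: checksum-valid wallets demanded from >= min_ips distinct sources."""
    senders = defaultdict(set)
    for ip, body in messages:
        for addr in ADDR_RE.findall(body):
            if valid_btc_address(addr):
                senders[addr].add(ip)
    return {a: sorted(ips) for a, ips in senders.items() if len(ips) >= min_ips}

# Constructed sample. WALLET is the publicly known Bitcoin genesis-block address,
# used as a stand-in; it is not the campaign's address. IPs are documentation ranges.
WALLET = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SAMPLE = [
    ("192.0.2.10", f"I know your password. Send $800 in Bitcoin to {WALLET} or else."),
    ("198.51.100.7", f"Pay $800 to {WALLET} within 48 hours."),
    ("203.0.113.5", f"Your password is hunter2. BTC wallet: {WALLET}"),
    ("203.0.113.77", f"Transfer $800 in BTC to {WALLET}"),
    ("192.0.2.44", "Invoice 1182 attached, payment due in 30 days."),
    ("192.0.2.45", f"Typo'd address {WALLET[:-1]}b fails the checksum and is ignored."),
]

if __name__ == "__main__":
    print("volume rule hits:", noisy_senders(SAMPLE, threshold=5))
    for wallet, ips in find_campaigns(SAMPLE).items():
        print(f"{wallet}: {len(ips)} distinct senders {ips}")
```

The checksum test keeps random Base58-looking strings from forming clusters; a wallet that does cluster can then be used as a block or quarantine key regardless of which bot delivered the message.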

As a preventive measure, data protection specialists from the International Institute of Cyber Security (IICS) recommend using the latest versions of commonly used tools, such as web browsers or antivirus software. In addition, if you receive the message from hackers, it is recommended to ignore the threats.