The scams involve emails sent via a large “for rent” botnet Cofense discovered in June. The company is sharing the database to help people and employers avoid becoming victims. To learn more about sextortion and the botnet discovery, NCSA spoke with Tonia Dudley, Director, Security Solution Advisor at Cofense and NCSA board member.
Sextortion encompasses a broad range of cybercrimes involving non-physical forms of coercion. Typically, sextortion means the threatened release of sexual images or information to extort cryptocurrency. Typically, a victim receives an email from a cybercriminal who threatens to send purported compromising information – such as sexual pictures or videos – to friends and family unless the victim agrees to pay a bitcoin ransom. What makes the email especially believable is that to prove their legitimacy, “sextortionists” begin by showing you a password you once used or currently use.
The term “bot” is short for using the term “robot,” connected to the “net” as in “network.” A botnet is a network of computers infected with software that will wait for instructions from whoever is controlling it. This allows an attacker to control a large number of computers. The good news is we know that this botnet IS NOT infecting computers to acquire new data sets. It’s just recycling email addresses acquired through various means over time.
We wanted to help victims avoid the anxiety of trying to figure out whether to pay the requested bitcoin ransom. In the first half of 2019 alone, Cofense Labs, our newly formalized R&D arm, analyzed over 7 million sextortion-related emails. That’s a lot of people potentially impacted by sextortion. The botnet we’ve been monitoring is a “for rent” botnet used expressly for sextortion. If the botnet ingests new email addresses, we can see them and add to the database. We are also monitoring the botnet’s activity to see what malware it is using. We are looking at any new pieces of malware it might be using on a daily basis.
As an individual, if your email address shows up on the list but you haven’t received a sextortion email, be on the lookout! The sextortionist may well contact you. Don’t be alarmed by the threat in the email. Alarm and panic are precisely the reaction the attacker is hoping for with threats of public shaming if you don’t respond. Sextortion emails normally don’t have common phishing elements like a malicious link or attachment. However, if you see either, don’t click. Just delete the message. For businesses, we recommend you take certain actions, whether your domains are listed or not. We’re always adding more email addresses as the threat evolves.
Whether or not you’re on the list, we always recommend the same actions. Threat actors will use the data available to them to target users with phishing emails for this type of campaign or to gain access to accounts.
Unfortunately, there isn’t anything individuals can do to prevent being exposed, which is why we always recommend using unique usernames and passwords for each of your websites or the apps you download to your mobile device. These types of campaigns are leveraging already exposed lists from previous data breaches. When you receive an email that your account was included in a breach, immediately take action to change your password and implement multi-factor authentication when it’s available.
Tonia Dudley is Director, Security Solution Advisor at Cofense and NCSA board member. In this role, she focuses on phishing defense advocacy while demonstrating how Cofense solutions help organizations across the globe minimize the impact of attacks while reducing the cost of operations.