New research has revealed how scammers keep cyber extortion attacks under the radar. A team of researchers at Columbia University analysed 300,000 emails that were detected as blackmailing scams over a period of 12 months using Barracuda Networks’ AI-based detectors.
The team also sought to explore tactics that are being used by cyber criminals and how they can attempt to extort money without alerting security teams and payment systems.
Research ultimately revealed how fraudsters evade detection through methods like targeting no more than 10 work email accounts at a time, as well as making moderate payment demands of US$1000 in bitcoin.
Aiming to keep businesses better protected from cyber crime
Increased sophistication and volume of cyber attacks worldwide are forcing businesses to consider more robust cybersecurity measures. Back door cyberattacks in particular have been viewed as critical for smaller organisations, as they could result in permanent closure.
The Columbia University research findings are detailed in a new Barracuda Threat Spotlight. It describes extortion attacks as those that threaten to expose compromising information, such as photos or videos, unless the victim pays the attackers.
Payment is generally requested in cryptocurrency, according to the research. Attackers often purchase victims’ login credentials or find them through data breaches to “prove” that their threat is legitimate.
The researchers’ goal was to understand the financial infrastructure attackers use for extortion emails.
The findings reveal how scammers avoid being detected, with 97% of sender accounts targeting no more than 10 work email accounts at a time, making it easier to avoid the attention of law enforcement. 90% of the attacks also made moderate payment demands of less than US$2000 in bitcoin, often around US$1000, to avoid alerting authorities.
The team grouped the extortion emails by the bitcoin wallet addresses they contained. They assumed that an attacker would use the same bitcoin wallet for all attacks, ultimately finding 3,000 unique bitcoin wallet addresses. The research also found that 100 wallets appeared in 80% of the emails, suggesting that a small number of attackers were responsible for the extortion emails surveyed.
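A security team can apply the same wallet-based grouping to its own quarantined mail. The sketch below is an added example, not the researchers' or Barracuda's code: it extracts legacy Base58 bitcoin addresses (bech32 `bc1...` addresses are not handled), keeps only those that pass the Base58Check checksum, and measures how concentrated the emails are across wallets. All function names, the generated test addresses and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import Counter

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def make_address(seed: str) -> str:
    """Build a well-formed test address from a constructed seed (not a real wallet)."""
    payload = b"\x00" + hashlib.sha256(seed.encode()).digest()[:20]
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_valid(addr: str) -> bool:
    """Base58Check: reject look-alike strings such as order IDs or mangled addresses."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])

def cluster_by_wallet(bodies):
    """Count emails per checksum-valid wallet address found in the bodies."""
    counts = Counter()
    for body in bodies:
        counts.update(a for a in set(CANDIDATE.findall(body)) if is_valid(a))
    return counts

def top_wallet_share(counts, n):
    """Share of (email, wallet) mentions held by the n most common wallets."""
    return sum(c for _, c in counts.most_common(n)) / max(sum(counts.values()), 1)

# Constructed sample data: generated test addresses, invented message text.
W1, W2 = make_address("constructed-wallet-1"), make_address("constructed-wallet-2")
BAD = W1[:-1] + ("2" if W1[-1] != "2" else "3")  # same shape, broken checksum
SAMPLE = [
    f"Send $1000 in bitcoin to {W1} within 48 hours.",
    f"Pay {W1} or the recording goes to your contacts.",
    f"Transfer BTC to: {W1}",
    f"My wallet is {W2}.",
    f"Order reference {BAD} has shipped.",
]
```

On the sample, `cluster_by_wallet(SAMPLE)` yields two wallets and `top_wallet_share(..., 1)` shows the single most common wallet accounting for three quarters of the mentions, the same kind of concentration figure the study reports for its top 100 wallets.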
Email phishing remains a popular attack model
Phishing and other types of email cyber attacks are continuing to rise in 2023, with Acronis in particular confirming that in the first half of the year alone, the number of email-based phishing attacks surged 464% in comparison to 2022.
Barracuda provided some important steps that security teams can take to keep businesses protected from extortion scams in its report. These include investing in AI-powered email security that can detect and block emails before they reach recipients to prevent hackers gaining control of critical systems.
In addition, it cites the importance of employee training and security policies that discourage staff from using their work email to access third-party sites or to store sensitive information.
“Our analysis suggests that extortion scams are implemented by a relatively small number of perpetrators, each firing off multiple small-scale attacks with moderate extortion demands,” said Asaf Cidon, Associate Professor of Electrical Engineering at Columbia University.
“These relatively modest sums make it likelier the targets will cooperate with the extortion, and the relatively small number of emails per sender make it easier for attackers to evade detection by traditional security technologies and anti-fraud measures at payment providers and avoid arousing the attention of law enforcement and the media – which would alert potential victims to the scam.”