What can be more embarrassing than being associated with compromising videos and having all your email contacts informed? Security analysts at Barracuda Networks have found that employees are twice as likely to become the target of a sextortion attack as of Business Email Compromise (BEC). The education sector is particularly at risk.
From spam campaigns to spear phishing attacks
Cybercriminals have so far distributed fraudulent sextortion emails in large spam campaigns. An analysis by security researchers at Barracuda Networks revealed that the attackers are now expanding their tactics: one in ten spear phishing attacks examined was a sextortion attack. According to Barracuda, this makes it twice as likely that employees will be targeted by a sextortion attack as by Business Email Compromise (BEC).
(Source: Barracuda)
Sextortion: How the attackers proceed
In a sextortion attack, cybercriminals pretend to be in possession of a compromising video allegedly recorded on the victim's computer and threaten to share it with all the victim's contacts – unless the target pays. Typically, Bitcoins are requested and the wallet details are included in the blackmail message.
Sextortion attackers use email addresses and passwords stolen from data leaks to communicate. Attackers often spoof the email address and pretend to have access to the account. Sextortion emails are typically sent to thousands of targets as part of larger spam campaigns, so most are detected by spam filters. But criminals are now also using social engineering to bypass traditional email security gateways.
Sextortion emails that reach inboxes usually come from reputable senders and IPs, since attackers already use compromised Office 365 or Gmail accounts. In addition, sextortion emails typically contain no malicious links or attachments that traditional gateways would detect.
Attackers have also begun to vary and personalize the content of emails, making it difficult for spam filters to stop them. Sextortion scams are also often not reported by victims because of their supposedly embarrassing content. IT teams are therefore often unaware of these attacks.
Common Sextortion Subject Lines
It was found that the majority of subject lines in the investigated sextortion emails contain a form of security warning. More than a third of the emails asked for a password change.
(Source: Barracuda)
Attackers also often mention the victim's email address or password in the subject line so that the target opens the email. Here are a few examples:
- name @ emailaddress.com was attacked. Change your access data.
- Your account has been hacked, you need to unlock it again.
- Your account is being used by another person.
- Change your password immediately. Your account has been hacked.
Occasionally, attackers are also more direct and use threatening subject lines:
- You are my victim.
- Better listen to me.
- You don't have much time.
- This is my last warning name @emailadresse.com
Industries most affected by sextortion
According to Barracuda's study, the education sector is the sector most frequently affected by sextortion attacks. This ranking is followed by government agencies and companies in the business services sector.
(Source: Barracuda)
The strong focus on education is, according to Barracuda Networks, a calculated choice by the attackers. Educational institutions usually have a large and young user base. This group usually has less security awareness and often does not know where to seek help in the event of such an attack. Due to a lack of experience with this type of threat, there is a greater risk that young people will become victims of sextortion.
Four ways to protect against sextortion
Barracuda Networks proposes four strategies for enterprise administrators to protect users from such sextortion attacks and account takeovers.
- AI-based protection: Attackers are now personalizing their sextortion emails to bypass email gateways and spam filters. Therefore, a good security solution against spear phishing is a must. Corresponding AI-based technologies analyze and learn the specific communication behavior within a company and have integrated components that detect this type of attack.
- Protection against account takeover: Many sextortion attacks originate from compromised accounts. AI-based technologies can detect when accounts are compromised and intervene in real time by alerting users and removing malicious email sent from hacked accounts.
- Proactive investigation: With sextortion, employees may be less willing than usual to report the attack. IT teams should therefore regularly investigate delivered emails to detect messages with requests for password changes, security alerts and other suspicious content. Many sextortion emails come from countries outside Western Europe or North America. Special technologies provide interactive reports on geographic origin and help automatically remove malicious messages found in inboxes.
- Security training: Organizations should also provide users with comprehensive sextortion education as part of their security training, especially if they have a large, diverse, and young user base, such as in education. This allows users to detect sextortion attacks and feel confident reporting them. Phishing simulation training can test the effectiveness of the training and identify those users who are most vulnerable to blackmail attacks.
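One way to carry out the proactive inbox investigation described above, as an added example that is not Barracuda's product or code: a Python triage script that scores delivered messages against the indicators the article lists (security-warning and threatening subject lines, the recipient's own address in the subject, a Bitcoin demand and wallet address in the body). The two sample messages and the wallet address are constructed; a legitimate password-expiry reminder matches only one indicator and is not flagged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject-line phrases taken from the sextortion examples listed in the article.
SECURITY_WARNING = re.compile(
    r"hacked|was attacked|change your (?:password|access data)|unlock it|used by another person", re.I)
THREAT = re.compile(r"my victim|listen to me|last warning|much time", re.I)
# Body indicators: a ransom demand in Bitcoin and a wallet address (base58 legacy-address heuristic).
BITCOIN_DEMAND = re.compile(r"\b(?:bitcoin|btc)\b", re.I)
BTC_ADDRESS = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")

def _text_body(msg) -> str:
    """Concatenate the text/plain parts of a parsed message (assumes unencoded text parts)."""
    if msg.is_multipart():
        return "\n".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    return msg.get_payload()

def score_message(raw: str) -> dict:
    """Return the sextortion indicators found in one RFC 822 message and a verdict."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    body = _text_body(msg)
    reasons = []
    if SECURITY_WARNING.search(subject):
        reasons.append("subject_security_warning")
    if THREAT.search(subject):
        reasons.append("subject_threat")
    # Attackers put the victim's own address in the subject; strip spaces to catch "name @ domain".
    if recipient and recipient in re.sub(r"\s+", "", subject.lower()):
        reasons.append("subject_contains_recipient_address")
    if BITCOIN_DEMAND.search(body):
        reasons.append("body_bitcoin_demand")
    if BTC_ADDRESS.search(body):
        reasons.append("body_wallet_address")
    # One signal alone (e.g. a genuine password-expiry notice) is not enough; require two or more.
    return {"subject": subject, "reasons": reasons, "flagged": len(reasons) >= 2}

# Constructed sample messages (not real mail); the wallet address is a made-up placeholder.
SEXTORTION_SAMPLE = """From: it-support@example.net
To: alice@example.com
Subject: alice @ example.com was attacked. Change your access data.

I recorded a video of you. Pay 900 USD in Bitcoin to 1ExampLeWaLLetAddrXXXXXXXXXX within 48 hours
or I send it to all your contacts.
"""
BENIGN_SAMPLE = """From: helpdesk@example.com
To: alice@example.com
Subject: Reminder: change your password before Friday

Your password expires in 7 days. Use the self-service portal to change it.
"""

if __name__ == "__main__":
    for raw in (SEXTORTION_SAMPLE, BENIGN_SAMPLE):
        print(score_message(raw))
```

In practice the raw messages would be pulled from the mail platform's journal or search API and the flagged ones queued for removal and analyst review.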
Through a multi-layered approach of technologies, best practices and extensive intelligence, the risk of sextortion attacks can be significantly reduced.
Barracuda offers products in the security sector: solutions that protect email, networks, data and applications and that grow and adapt with customer needs.