Sophos (LSE: SOPH) has unveiled the SophosLabs report “Following the money in a massive ‘sextortion’ spam scheme”, which shows how the funds extorted from victims in bitcoin led investigators to a weak point in the cybercriminals’ activity.
Investigators tracked the origin of millions of extortion spam emails launched between September 2019 and February 2020 and then analyzed what happened to the money deposited by the victims in the attackers’ bitcoin wallets. The amount stolen in bitcoin through these scams reaches approximately $500,000. SophosLabs believes this is the first report that tracks the path of extortion bitcoins.
Sextortion is a widely used form of spam attack that accuses the recipient of visiting pornographic websites and threatens to share video evidence with friends and family if the victim does not pay. In the attacks analyzed, victims were required to deposit up to $800 in the bitcoin wallet addresses provided by the attackers.
Spain is among the 15 countries in the world that received the most attacks, specifically in 11th place with 2.49% of all attacks detected. This figure means that cybercriminals targeted their scam emails at 78,649 email addresses.
SophosLabs researchers worked with CipherTrace Inc. to track the flow of money from these wallets. In the investigation, they discovered that the extorted funds were used to finance subsequent illicit activities, such as transacting in dark web markets and buying stolen credit card data. Other funds were quickly transferred through a series of bitcoin wallet addresses to consolidate them, passing them through “mixers” in an attempt to launder the stolen money and turn it into cash.
“The underworld of cybercriminals is a complex network, and the SophosLabs investigation shows how attackers use the money they earn from one operation to invest it in another,” says Tamás Kocsír, a security researcher at SophosLabs who led the investigation. “Sex extortion scams take advantage of fear, making it an effective way to make quick money. Throughout the five months of our investigation we have seen wave after wave of attacks, some even on the weekends, sometimes accounting for up to a fifth of all reported spam attacks. And while most victims didn’t open the email or pay, enough did so for the attackers to get 50.9 bitcoins, the equivalent of around $500,000.”
The scams exploited international botnets of compromised computers to send millions of spam emails to recipients around the world. Vietnam, Brazil, Argentina, Republic of Korea, India, Italy, Mexico, Poland, Colombia and Peru are the 10 countries where the most compromised computers were used to disseminate spam messages, of which 81% were in English, 10% in Italian, 4% in German, 3.5% in French and 1.2% in Chinese.
“Spam campaigns are relatively cheap and easy to carry out, but to think that for this reason they are only launched by opportunistic or low-skilled cybercriminals could be wrong,” says Kocsír. “Our research found that some of the fraudulent emails used innovative techniques to hide, designed to bypass anti-spam filters. Some examples of these techniques include breaking words with invisible random sequences, inserting blocks of white garbage text, or adding words in the Cyrillic alphabet to confuse automatic scanning systems. These are not beginners’ techniques and serve as a good reminder that any type of spam attack should be taken seriously. Having a strong focus on cybersecurity is essential. If you are concerned about becoming the target of a sextortion attack, deactivate or cover the camera of your computer,” Kocsír adds.
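As an added illustration (not code from Sophos or the report), the sketch below shows how a mail filter can undo two of the evasion tricks mentioned above before keyword matching: it strips invisible characters that split words and flags Cyrillic words in the body. It assumes the "invisible sequences" are Unicode format characters such as zero-width spaces; the keyword list and sample message are constructed, and white-on-white filler text is out of scope because detecting it requires inspecting HTML styling.

```python
import re
import unicodedata

# Constructed watch-list for the example; not taken from the report.
KEYWORDS = ("bitcoin", "webcam", "password")

# Constructed sample body: zero-width characters split "webcam" and "bitcoin",
# and two unrelated Cyrillic words are appended as filler.
SAMPLE = ("I recorded you through your web\u200bcam. "
          "Send 800 USD in bit\u200c\u200bcoin now. погода сегодня")


def strip_invisible(text):
    """Drop Unicode format characters (category Cf): zero-width
    space/joiners, soft hyphen, byte-order mark."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


def script_of(ch):
    """Return the script prefix of a letter's Unicode name
    ('LATIN', 'CYRILLIC', ...), or None for non-letters."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]


def analyze(body, keywords=KEYWORDS):
    """Report obfuscation signals found in a plain-text mail body."""
    cleaned = strip_invisible(body)
    words = re.findall(r"[^\W\d_]+", cleaned)  # runs of letters only
    cyrillic = [w for w in words
                if any(script_of(c) == "CYRILLIC" for c in w)]
    raw_l, clean_l = body.lower(), cleaned.lower()
    # Keywords that only match once the invisible characters are removed
    hidden = [k for k in keywords if k in clean_l and k not in raw_l]
    return {
        "invisible_chars": len(body) - len(cleaned),
        "cyrillic_words": cyrillic,
        "hidden_keywords": hidden,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A keyword that matches only after normalization is a stronger signal than the keyword alone, since legitimate senders have no reason to split words with invisible characters.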