Sextortion, Bomb Threats and GoDaddy

An award-winning film from 1989 titled “Sex, Lies and Videotape” introduced the world to the power of uncomfortable private data coming to public attention and now cybercriminals are taking a page from that script with inventive phishing scams to extort millions.

New Email Scams

Emails scams are leveraging a very uncomfortable subject to extort money. Dubbed “sextortion,” this form of phishing attack can prey on almost anyone. According to a CNET article titled “Sextortion scam hits US military below the belt”:

“For more than a year, hundreds of military members thought they were finding love online. But it wasn't so. Instead, it was a case of prison inmates posing as women online, looking for victims in a scheme that investigators say netted more than half a million dollars…. The scheme stole more than $560,000 from more than 400 military members, the Naval Criminal Investigative Service said in a statement Wednesday.”

The article goes on to say:

"Sextortion campaigns are common scams, as con artists prey both on people's desires and on their fear of getting caught. Since July, for instance, thieves have been using a common sextortion scheme through email, claiming they've hacked the recipients' computers in attempts to blackmail them.

Security researchers from the Cisco Talos Intelligence Group found 233,236 sextortion emails in September and October, which amassed up to $146,380 in just two months."

New variations on this email scam use real passwords to create a sense or validity and trick the recipient into think they have actually been hacked and have to pay the extortion in order to be spared the humiliation of their porn habits being exposed.

Hoaxes Abound

Stolen passwords and weak IT Security practices give rise to all forms of cybercrimes. An ARS Technica article titled “GoDaddy weakness let bomb threat scammers hijack thousands of big-name domains” reported:

“Remember the December 13 email blast that threatened to blow up buildings and schools unless recipients paid a $20,000 ransom? It triggered mass evacuations, closures, and lockdowns in the US, Canada, and elsewhere around the world.

An investigation shows the spam run worked by abusing a weakness at GoDaddy that allowed the scammers to hijack at least 78 domains belonging to Expedia, Mozilla, Yelp, and other legitimate people or organizations. The same exploit allowed the scammers to hijack thousands of other domains belonging to a long list of other well-known organizations for use in other malicious email campaigns. Some of those other campaigns likely included ones that threatened to publish embarrassing sex videos unless targets paid ransoms.”

KrebsOnSecurity brings this into focus by blogging:

“Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned.”

Constant Vigilance

Constant vigilance is required in order to prevent cyberattacks. Effective solutions actually evaluate every line of code, making well documented evasion techniques ineffective. These solutions should be agnostic to file type, client-side application type, or the client operating system used within the organization. It should provide protection regardless of operating system, CPU architecture, and function (client, server) of the targeted machine.

Learn more here.