Oh my. Bad guys have come up with a sinister new strain of blackmail/sextortion. Just when you thought things couldn’t get worse, the bad guys dive even deeper.
Eric Howes, KnowBe4’s Principal Lab Researcher, notified me of a new type of cyber attack now out in the wild. It claims that the CIA will blackmail and bust you for possession of child porn unless you pay a $5,000 fee, and only then “will your records be deleted.”
Here is the screenshot:
Apart from the very scary and expensive extortion, the email also contains a malicious link. What lies behind that link (a credentials phish or a malware download) we may never know, because the target web page for that link has since been taken down. However, it sure looks like the bad actors have employed two attack vectors and are also attempting to infect the workstation.
This trend will become more serious
We are seeing a rise in this blackmail-type phishing, and with time it will become more and more serious. With the capabilities of recent destructive malware and ransomware, the following scenario becomes highly probable: if you don’t pay the ransom but do click on the link, they will put actual child pornography on the user’s machine and/or stuff the user’s search history with fake searches. Then they will anonymously notify the FBI or other law enforcement of your situation. It is a setup with the intent to inflict harm on the individual, in this case a possible arrest, while simultaneously disrupting the organization you work for. Remember, think before you click! Double-check email addresses, do not click on suspicious links, and most importantly, secure your email.
This could absolutely ruin someone’s life
Unfortunately, this sort of attack is not difficult to execute. We see the potential for this to develop into highly targeted spear phishing attacks on persons of worth such as CEOs, politicians, high-net-worth individuals, celebrities, etc.
Child porn would be a gruesomely effective setup. As malware researchers and investigative journalists have discovered to their horror, law enforcement, across the board, has a zero tolerance policy in regards to child pornography. To that extent, even the law enforcement officers dealing with these child pornography cases are highly monitored and supervised.
These bad actors have deployed two similar attack scenarios and are forced to make a critical decision. If you’ve compromised the devices/accounts of a high-value target, what’s the most productive way to extract value from that target?
- Lie low and exploit the compromised devices and accounts for long-term gain (information, money, etc.)
- Go the extortion route, which would inevitably bring scrutiny from law enforcement, IT specialists, and others with a stake/interest in investigating those devices and accounts.
Different cybercrime gangs could be operating with divergent “business models.” A similar situation recently made the headlines: the dust-up between Jeff Bezos and AMI (parent company of the National Enquirer) presents a situation much like the attack model described above. Imagine if Mr. Bezos’ phone had been compromised: inside information, bank details, data breaches, etc. Think of the potential value of getting super-sophisticated backdoor Trojans onto the devices of Mr. Bezos.
What kind of world are we living in?
It would be important for the cyber criminals to set a precedent like ransomware did: pay the ransom and get your files back. A few famous people being made an example of with a repulsive attack like this, and we bet people will start paying.
This could even be developed into a criminal extortion subscription, modeling the old “protection money” the mob used to run.
One thing is for sure
We absolutely have to make our users aware of these horrible scams, and make sure we stay cool, calm and collected when we suddenly see that something evil has made it through the filters; instead of panicking, think before you click. As potential targets of these attacks, and as these attacks become more and more common, we need to stand our ground. We must continue to educate ourselves and update our security protocols with the changing times. And of course, we need to “Think before you click!”