A new research study conducted by security firm Barracuda Networks and Columbia University has revealed that only a small number of cybercriminals are responsible for the majority of email extortion attacks worldwide. The study analyzed over 300,000 extortion attack emails flagged by the company’s AI detectors over a one-year period. The researchers examined the bitcoin wallet addresses mentioned in these emails, as cybercriminals often prefer to be paid in cryptocurrency due to its anonymous nature.
The research discovered that approximately 80% of these email extortion attacks were linked to just 100 bitcoin addresses. However, the number of bitcoin addresses does not necessarily indicate the number of attackers, because a single attacker may use multiple bitcoin addresses. The actual number of attackers could be fewer than 100, or lower still, according to Zixi (Claire) Wang, a Master’s student at Columbia University.
In terms of the monetary demands made in these attacks, the study found that a significant proportion of the emails requested relatively small amounts. Around a quarter of the emails sought less than $1,000, and more than 90% asked for less than $2,000. Wang speculated that attackers opt for lower amounts to increase the likelihood of victims complying without investigating the legitimacy of the compromise. Furthermore, smaller amounts are less likely to raise suspicion with banks or tax authorities.
The study also revealed that bitcoin was the sole cryptocurrency used by the attackers in the dataset. Wang explained that bitcoin’s level of anonymity, the use of wallet addresses, and the ability to generate unlimited wallet addresses made it the preferred choice for cybercriminals.
These email extortion attacks typically involve claims of having compromising photos or videos of the target, obtained by hacking their device’s camera, and threats to release them unless the demands are met. However, the researchers note that the majority of these claims are false: attackers often neither possess any incriminating content nor have infected the target’s system with malware.
The limited number of perpetrators worldwide identified in the study is seen as a positive sign by Wang, as it suggests that tracking down and targeting a small number of attackers could significantly disrupt this form of cyber threat. Additionally, the researchers believe that email security vendors can block a large percentage of these attacks by implementing relatively simple detectors, given that extortion attackers often follow similar templates.
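The kind of measurement described above (pulling wallet addresses out of flagged emails and checking how many emails the most frequent addresses account for) can be sketched as follows. This is an added example, not code from the study or from Barracuda; it assumes legacy Base58 addresses only, and all addresses and email bodies in it are constructed sample data.

```python
import hashlib
import re
from collections import Counter

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumption: legacy Base58 addresses only (P2PKH "1...", P2SH "3..."); bech32 is not handled.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    """Helper used only to build the constructed sample addresses below."""
    raw = bytes([version]) + body
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(addr: str) -> bool:
    """Base58Check-decode, then verify length, version byte and checksum."""
    if any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))          # leading "1"s encode zero bytes
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0, 5) and checksum(raw[:-4]) == raw[-4:]

def address_concentration(emails, top_n):
    """Return (emails per valid address, share of emails covered by the top_n addresses)."""
    per_email = [{a for a in CANDIDATE.findall(e) if is_valid_address(a)} for e in emails]
    per_email = [s for s in per_email if s]          # keep emails with at least one valid address
    counts = Counter(a for s in per_email for a in s)
    top = {a for a, _ in counts.most_common(top_n)}
    covered = sum(1 for s in per_email if s & top)
    return counts, (covered / len(per_email) if per_email else 0.0)

# Constructed sample data: addresses derived from made-up strings, not real wallets.
ADDR_A, ADDR_B = (b58check_encode(0, hashlib.sha256(s).digest()[:20]) for s in (b"sample-a", b"sample-b"))
ADDR_C = b58check_encode(5, hashlib.sha256(b"sample-c").digest()[:20])
TAMPERED = ADDR_A[:-1] + ("2" if ADDR_A[-1] != "2" else "3")   # checksum no longer matches
SAMPLE_EMAILS = [f"Send $900 in bitcoin to {ADDR_A} within 48 hours." for _ in range(4)] + [
    f"Pay to wallet: {ADDR_B}", f"Transfer to {ADDR_C}.", f"Wallet {TAMPERED}", "No address here."]
if __name__ == "__main__":
    print(address_concentration(SAMPLE_EMAILS, top_n=1))
```

Validating the checksum before counting keeps mistyped or look-alike strings from inflating the number of distinct addresses, which matters when the conclusion rests on how few addresses there are.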
In conclusion, this research highlights the concentrated nature of email extortion attacks, with a small group of cybercriminals being responsible for the majority of these illicit activities. By understanding this pattern, law enforcement agencies can focus their efforts on identifying and apprehending these individuals, significantly mitigating the threat. Meanwhile, email security vendors can enhance their defenses by utilizing effective detection mechanisms to block a substantial portion of these attacks. As the prevalence of such attacks continues to rise, collaborative efforts between researchers, law enforcement, and security vendors are crucial in successfully combating this form of cybercrime.