Criminal Groups Offer Big Salaries For Cyber Skills

New research from Digital Shadows reveals that criminal groups are promising salaries averaging the equivalent of $360,000 per year to accomplices who can help them target high-worth individuals, such as company executives, lawyers and doctors with extortion scams.
 
These salary promises can be higher still for those with network management, penetration testing, Cyber and Programming skills, with one threat actor willing to pay the equivalent of $768,000 per year, with add-ons and a final salary after the second year of $1,080,000 per year.
 
One principal method of extortion where criminals deem potential victims to be particularly vulnerable is so-called ‘sextortion’. Researchers tracked a sample of sextortion campaigns and found that from July 2018 to February 2019 over 89,000 unique recipients faced some 792,000 extortion attempts against them. An analysis of Bitcoin wallets associated with these scams found that sextortionists could be reaping an average of $540 per victim.
 
The campaigns follow a similar pattern: The extortionist provides the user with a known password as “proof” of compromise, then claims to have video footage of the victim watching adult content online, and finally urges them to pay a ransom to a specified Bitcoin (BTC) address.  However, it is worth noting that other campaigns can be even more sinister, the so-called ‘Hitman’ spam campaign Digital Shadows noted from December 2018 simply claims recipients will be “killed” unless a Bitcoin demand is paid.
 
Extortion is in part being fuelled by the amount of ready-made extortion material readily available on criminal forums. These are lowering the barriers to entry for wannabe criminals with sensitive corporate documents, intellectual property, and extortion manuals being sold on by more experienced criminals to service aspiring extortionists. Blackmail guides, for example, are on sale for less than $10.
 
In one such example, seen by Digital Shadows, the guide specifically focuses on a sextortion tactic whereby the threat actor begins an online relationship with a married man and then threatens to reveal details of the affair with his partner unless a ransom is paid. 
 
The guide claims this extortion method is the easiest for ‘novice’ threat actors to start with, suggesting they could earn between $300-$500 per extortion attempt. Dedicated subsections exist on criminal forums for these type of dating scams.
Even greater levels of sophistication could be around the corner if so-called ‘crowd funding’ schemes take off. In April 2018, threat actor ‘thedarkoverlord’ stole documents belonging to the insurance provider, Hiscox. 
 
This included files related to the 9/11 attacks in the US. The threat actor hoped to play on the public’s appetite for 9/11-related controversy and encourages people to raise funds in order to view the documents. Currently this campaign has amassed some $11,600.
 
Crowdfunding models such as this allow extortionists to raise funds from the general public rather than relying on victims giving in to ransom demands. Organisations dealing with inflammatory or sensational information should therefore consider how they would respond if an attacker opts for this course of action. 
 
Rick Holland, CISO and Head of the Photon Research Team at Digital Shadows, comments: “The research shows that cybercriminal groups are increasing their targeting of high net worth individuals and / or those that hold positions of power within companies. Many threat actor groups are actively on the recruit for members to collaborate with and to help them scale their operations. Holland continues: “Widespread and opportunistic extortion campaigns are also lucrative.
 
The social engineering aspects of these emails prey upon the recipients and entice them into paying the extortion amount. Unfortunately, our analysis of a select number of the campaigns, shows us the criminals have amassed over $300,000. 
 
“Education and minimising your personal and professional online exposure are essential for thwarting extortionists goals. Since the lines between our personal and professional lives are so blurred, firms should educate their staff and tell them never to pay out a sextortion request.”
 
Digital Shadows advises the following to reduce the risk of extortion:
 
• Do not respond to sextortion emails. These scams are generally mass, opportunistic campaigns. Treat them as spam.
 
• Use HaveIBeenPwned to find previously breached accounts. Sextortion emails sometimes include a previously breached password that belongs to the victim in an effort to add legitimacy to the email. If you have email accounts that have been publicly exposed, update the password for the account and enable multi-factor authentication if possible.
 
• Develop a ransomware playbook. Regularly back up data and store sensitive files in detached storage away from the main network. Do not forget to periodically test your back-up and recovery processes. The wrong time to identify flaws in your disaster recovery strategy is after all your critical data has been encrypted.
 
• Shrink your potential attack surface. Make remote-access solutions (such as remote desktop protocol) accessible only over a VPN, and disable all other legacy or unnecessary features to harden your system against attack. Identify your most critical systems and apply vendor patches to publicly known vulnerabilities.
 
• Apply best practices for user permissions. Remove local admin rights, restrict execution privileges on temporary and data folders that ransomware typically execute from, and implement whitelisted application lists.
 
• Secure email end-users. Strong spam filters and restrictions around email attachments can help prevent spam extortion emails and malware from reaching the end-users’ email boxes.
 
• Submit a complaint to the FBI’s IC3. The FBI’s Internet Crime Complaints Center (IC3) accepts complaints from the public regarding scams like ransomware and sextortion. In the UK, contact Action Fraud or you local police authority. 
 
HelpNetSecuriity
 
You Might Also Read:
 
Pay Rates For Security Professionals:
 
 
 
« Cyber-Spies For Hire
US Under Attack By Chinese & Iranian Hackers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

Cimcor

Cimcor

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

Trustelem

Trustelem

Trustelem offers European and global companies a ready-to-use access management service that respects the principles of sovereignty, territoriality and privacy.

Naoris Protocol

Naoris Protocol

Naoris is the world’s first holistic blockchain-based cybersecurity ecosystem, bringing a game-changing solution to address 35 years of industry similar practice.

Option3

Option3

Option3 (formerly Option3Ventures - O3V) primarily seek control investments in the growing cybersecurity mid-market, seeking to build champions with the scale to bring cutting-edge products to market.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

Ribbon Communications

Ribbon Communications

Ribbon Communications delivers global communications software and network solutions to service providers, enterprises, and critical infrastructure sectors.

SAIFE

SAIFE

SAIFE has adapted a Software Defined Perimeter approach and paired it with a Zero Trust model that defines access by the user, their device, and where they are located.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

ShieldApps

ShieldApps

ShieldApps comprehensive suite of products is designed to protect your personal devices from privacy threats, including hacking attempts, online tracking, fingerprinting, phishing, malware, and more.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

Quantum eMotion (QeM)

Quantum eMotion (QeM)

Quantum eMotion is a Montreal-based advanced developer leading the way towards a new generation of quantum-safe encryption for the quantum computing age.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.