New research conducted by Barracuda Networks, in collaboration with Columbia University, has revealed that a surprisingly small group of cybercriminals is responsible for the majority of email extortion attempts worldwide. The study examined over 300,000 flagged emails, identified as extortion attacks by the company's AI detectors, over a one-year period.
To estimate the findings, the researchers traced the bitcoin wallet addresses provided in the emails, as cybercriminals often prefer this method of payment due to the anonymity and ease of transactions in the cryptocurrency realm.
However, the number of bitcoin addresses doesn't necessarily indicate the exact number of attackers. According to Columbia Master's student Zixi (Claire) Wang, who authored the report, the actual number of attackers is likely even fewer than 100, as attackers often use multiple bitcoin addresses.
The monetary demands in these email attacks were relatively low, with approximately a quarter of the emails requesting less than $1,000 and over 90% asking for less than $2,000. Wang speculates that cybercriminals opt for smaller amounts to avoid raising suspicion with victims' banks or tax authorities, and victims are more likely to comply with lower demands without investigating the legitimacy of the threat.
The researchers also observed that Bitcoin was the sole cryptocurrency used by the attackers in their dataset. Wang suggests this is because Bitcoin offers a high level of anonymity, allowing anyone to generate numerous wallet addresses.
The common scams employed by the attackers involved claims of possessing compromising photos or videos obtained by hacking the target's device camera. These threats aimed to extort money from victims under the threat of releasing the alleged content. However, the research revealed that the majority of attackers were bluffing and had no such incriminating material or infected the target systems with malware.
The silver lining in this research is that the small number of perpetrators worldwide could be advantageous for law enforcement efforts. Wang believes that tracking down even a few of these attackers could significantly disrupt this cyber threat.
Furthermore, given the similarity in tactics and templates used by extortion attackers, Wang suggests that email security vendors could block a substantial portion of these attacks using relatively simple detectors. This could provide an additional layer of protection against such cyber threats.