A new cyber risk has been threatening companies in recent months, playing into the fears of business owners and employees and trying to blackmail them out of money.
International specialist insurer Beazley has reported on an increase of this new threat, dubbed ‘sextortion’. The company’s Breach Response Services area has conducted a report showing an alarming increase in people falling for the new scam that threatens business.
The sextortion cyber scam attempts to extort money from people by sending an email claiming to have embarrassing evidence of them accessing adult material on their computer. Sometimes the email will claim to have webcam footage of the person recorded while viewing the adult material.
To make the email seem even more real, sometimes it will include a password of the person’s, usually sold to the cybercriminal from a data breach.
The criminal will then request bitcoins or other cyber currency or else they will send the material they claim to have to the person’s workplace, family and friends.
Beazley’s manager for breach response services, Raf Sanchez (pictured), said part of the issue with cyberattacks is that many businesses are ill prepared, and despite being warned are still not seriously thinking about the issue.
“Companies are not winning the arms race,” Sanchez told Insurance Business. “They are relatively slow to change.
“If you want do anything you have to go through various layers of approval, you have get sign off from people, you have to convince people to purchase something and invest in the service. In the meantime, the criminals have already created three new types of attack.”
This latest attack, for example, has been created simply because criminals had access to information that was breached, and needed ways to use that information.
“This sextortion epidemic is happening because attackers had access to literally billions of breached email addresses and account passwords,” Sanchez explained. “The Facebook breach, many others have put into their hands literally millions of identities and they have to find a way to exploit that, ways to make money from this.”
This is why cyber insurance is important for businesses, Sanchez believes. He outlines that many employees are more careless with cybersecurity when accessing emails at work, assuming that their employer would have filtered out junk or scam emails. So, if there is an extortion or malware issues, like can happen with this sextortion email where a clicked link can install a program to steal information, it’s important for the business to have insurance that will cover them.
“Unfortunately, the traditional extortion scam is always going to be effective against a small number of people,” Sanchez said.
“This is not a fixed risk - cyber threats are changing because as we adapt to defend against a particular type of incident the attackers will just move on to the next type of thing they can think of. And they’re actually quite creative.”
This particular scam has been so successful that police have had to issue warnings about the ‘sextortion’ threat from cyber criminals, meaning businesses should take real note.
“If there’s one thing I think is demonstrated by this issue it’s that cyber criminals are creative, and attacks are very cheap and easy to conduct,” Sanchez said.
“It’s also extremely cheap for the criminals to conduct this type of extortion, with large amounts of emails being able to be purchased on the dark web for as little as £50, and an automated bot then sending the emails to targets.
“It’s not like building a defence that costs money because you have to hire consultants and you have to purchase software - this is literally changing the text of an email and sending it out.”