Prepare for the future of digital extortion
Digital extortion has grown into the most effective criminal business model in today’s threat landscape, and Trend Micro experts expect that it will continue to spread since it’s cheap, quick to do, and the victims frequently pay.
Wide variety of targets
In the digital age, the boundary between blackmail and extortion is becoming increasingly blurred.
“Many digital crimes that we typically think of as ابتزاز are, in reality, extortion – such as ransomware,” the researchers noted. “Similarly, certain offences classified as extortion are not. سايبر Sextortion comes to mind, in which a person is compelled to do sexual activities under the fear of having incriminating material about them revealed online.” In brief, digital extortion encompasses any attempt by a criminal to compel a victim into doing anything – paying money or performing a service. However, the primary distinction between physical and online extortion is the vast range of assets that may be targeted in the digital arena.
Successful approaches and future attempts
The attackers’ effectiveness in blackmailing targets is determined by how much they demand and how much leverage they have.
“Given data breach rules and regulations, as well as the extremely substantial impact breaches may have on a company’s reputation, the extortionist’s recurrent payments may fit within the corporate victim’s loss tolerance for brand protection.” “In that situation, some corporate victims may just choose to pay,” the researchers said.
Sextortionists, on the other hand, are frequently successful, especially when they do not ask for money, but rather (typically sexual) favours – the victims panic and oblige, providing the extortionist with additional material for blackmail. The experts anticipate that extortionists would increasingly utilise social media to intimidate users and businesses with defamation campaigns. Machine learning skills that can be utilised to make convincing face-swap movies will very certainly exacerbate the issue for both private and public persons.
It is possible that these scenarios have already occurred, but because they are unlikely to receive public notice, we are unaware of them.
Be prepared
Trend Micro encourages businesses to plan ahead of time for probable digital extortion situations so that they can respond swiftly and appropriately.
DDoS assaults and smear campaigns should be addressed by informing the press about the problem and requesting administrators of the sites where the smear campaign is being carried out to assist with prevention. “Any new or unique assets should be included in incident response strategies.” The strategy should include assets such as blockchain technology accounts, wallets, and the like, as well as what to do if they are hacked or attacked. The same may be said for any business process that is vulnerable to assault. “Any system involved should be considered, and a feasible plan for dealing with extortion attempts should be developed ahead of time,” they said. Individuals who are the subject of sextortion must understand that the demands will never stop and should not give in. “A remedy here is to go to the authorities and report the occurrence, perhaps triggering an inquiry that leads to the arrest and indictment of the perpetrator.” In contrast, when the victim places less value on the material already in the extortionist’s possession, the data loses value in the attacker’s eyes and is less likely to be used,” the researchers found.