A report published by cybersecurity firm Mimecast details a new sextortion campaign against users of some Internet of Things (IoT) devices, specifically the Google Nest and Ring home security systems. The report indicates that nearly 2,000 fraud attempts have already been detected in the US during the first days of January 2020.
Kiri Addison, the firm’s director of data science, mentions that while this appears to be an ordinary extortion campaign, it has some distinctive features, such as the use of obfuscation methods to hide the origin of the emails, which complicates the identification of the extortion attempt even for users familiar with cybersecurity issues.
Like other sextortion campaigns, attackers send emails to victims claiming they have compromising footage that will be revealed unless a payment is made. The first message the victim receives only mentions the threat from the hackers and does not include details of a Bitcoin wallet or any other cryptocurrency address to which the payment should be sent.
Instead of receiving the information to make the payment, victims receive the login credentials for an external email account where the alleged compromising footage is located. The footage is actually legitimate content downloaded directly from the Nest website. “Hackers make victims believe that the videos found in this email account were extracted from their devices,” says the cybersecurity expert.
The attack does not end there; after that, the victim also receives the access keys to a third email account, where the hackers place the threat, claiming that the compromising video will be posted the following week unless a payment of £500 is made in Bitcoin or through gift cards for stores like Amazon or iTunes.
Specialists from the International Institute of Cyber Security (IICS) claim that this group of attackers takes advantage of the growing number of hacking reports against such devices, as most users of IoT devices are now aware of the security risks of using them. Addison agrees with this assessment: “With so many recently reported security incidents, it’s really easy to convince a user that their security cameras were hacked,” the specialist concludes.