Sextortion and cyberattacks: are we heading towards a trade in shame?

Sextortion: a new trade in shame | Stormshield

Each month, several billion visitors flock to pornographic sites. These are figures that stimulate the imagination of cybercriminals, who are delighted with these fresh, vulnerable targets that can be easily and ruthlessly blackmailed.

After the giants Google, YouTube and Facebook, pornographic sites are among the most visited platforms in the world. According to SimilarWeb, on April 1, 2019, Pornhub was in 7th position with more than 3 billion monthly visits followed by Xvideos in 8th and Xnxx in 11th, with more than 2 billion visits each. These are figures that are sure to have cybercriminals blushing... with pleasure!

Cyberattacks linked to pornographic content almost tripled in 2018, according to Kaspersky. In 2017, Russian cybercriminals were already using fake pornographic applications to extort more than $890,000 through one million targeted Android phones. And on computers, there are more than 300,000 pieces of pornographic malware...

Are we heading towards a trade in shame?

The vulnerability of active members of these sites is all the greater because they provide personal information about themselves. In 2015, the leaking of the personal data of 32 million people registered on the adulterous dating site Ashley Madison caused a stir in the United States. And it launched the sextortion trend, a new form of cyberattack, based on shame and fear.

Matthieu Bonenfant, Marketing Director at Stormshield, confirms this underlying trend. “In the event of an attack, users feel a strong sense of guilt and will not necessarily report it. And given the high level of traffic on these sites, cybercriminals are making them a prime target.”

A rush towards premium accounts

It is only a short step from dating sites to pornographic sites, and cybercriminals are not lacking in ideas when it comes to blackmailing their vulnerable users. They prefer to steal premium accounts, which are packed with information about their users. It is an effective method for blackmail and threats. At the end of last year, the hacking of 8 pornographic sites led to the theft of more than one million user accounts and associated personal data.

This information can be used to blackmail the people in question, or it can be resold on the dark web to allow buyers to access these sites anonymously. You can never be too careful... In 2018, Kaspersky Lab found about 10,000 unique offers of premium access accounts to pornographic sites on the dark web, about twice the number of offers recorded the previous year (2017).

The explosion in webcam attacks

In addition to the threat hanging over these sites, a further one has become considerably more serious in recent months: webcam blackmail. “At the beginning of 2018, we recorded 400 to 500 reports per week of this type of attack. Since the beginning of 2019, we have seen several thousand of them per week,” says Adrienne Charmet, Project Manager at cybermalveillance.gouv.fr.

In most cases, it’s a hoax. So don't panic, don't answer and don't pay

Adrienne Charmet, Project Manager at cybermalveillance.gouv

Created in 2017 with the support of private actors such as Stormshield, this public platform is actively campaigning on its website and social networks to inform the public about webcam piracy. "In most cases, it’s a hoax. So don't panic, don't answer and don't pay,” explains Adrienne Charmet, who has a few tips in terms of what to do. Take screenshots in order to record the messages and file a complaint in order to report the attempted extortion.

Because here is precisely how these cyberattacks work: after threatening to disclose a compromising video to your family, colleagues or bosses, cybercriminals urge you to click on a link to check that the video exists; using a variety of strategies that vary in their credibility...

This link contains a harmful file that infects your device using GandCrab ransomware, whose popularity will certainly not be affected by the recent retirement of its creators

 

Share on

Ransomware-type cyberattacks often bypass traditional means of protecting corporate workstations. Because training your teams in good IT security practices is not enough, Stormshield Endpoint Security provides high-level, proactive protection against the latest threats.

About the author

mm
Victor Poitevin
Digital Manager, Stormshield

Victor Poitevin is Stormshield’s Digital Manager. Attached to the Marketing Department, his role is to improve the Group’s online visibility. This involves Stormshield’s entire ecosystem, including websites, social networks and blogs. He will make use of his diverse experience, gained in several major French and international groups and communications agencies, to fulfill the Group’s high digital aspirations.