Are these the most lucrative jobs in IT?

Published on the 27/03/2019 | Written by Heather Wright


Wait, I have to do what?!?…

Cybercriminals are apparently offering million-dollar ‘salaries’ to skilled technology professionals willing to don a black hat – and dabble in sextortion.

Many of us have been on the receiving end of the emails – you know the ones: “We’ve hacked your computer and filmed you having fun (you know what I mean) while watching videos and now we have a double-screen video of the video you were watching and what you were up to…”, sometimes even throwing in details of your exposed credentials and always requesting a payment – usually in Bitcoins.

Now it turns out those behind the extortions are actively recruiting for helpers, even offering lucrative wages.

A new report from cybersecurity vendor Digital Shadows shows criminal groups are promising salaries averaging the equivalent of US$360,000 per year to accomplices who can help them target high-worth individuals, such as company executives, lawyers and doctors, with extortion scams.


And if you’ve got network management, penetration testing and programming skills, that salary rises dramatically, with the A Tale of Epic Extortions report revealing one threat actor was willing to pay $768,000 per year, with add-ons and a final salary after the second year of $1,080,000 per year.

The data was gleaned from analysing criminal forums and bitcoin wallets and shows most experienced extortionists are promising salaries of more than $30,000.

The figures may not be that far-fetched, considering Digital Shadows’ research showed that between July 2018 and February 2019, $332,000 in extortion payments were paid from a sample of 89,000 recipients of sextortion emails.

An analysis of Bitcoin wallets associated with the scams found that sextortionists could be reaping an average of US$540 per victim.

Rick Holland, CISO and Head of the Photon Research Team at Digital Shadows, says the research shows cybercriminal groups are increasing their targeting of high net worth individuals and those holding positions of power within companies.

“Many threat actor groups are actively on the recruit for members to collaborate with and to help them scale their operations,” Holland says.

“Widespread and opportunistic extortion campaigns are also lucrative. The social engineering aspects of these emails prey upon the recipients and entice them into paying the extortion amount.

“Unfortunately, our analysis of a select number of the campaigns shows us the criminals have amassed over $300,000.”

Holland says education and minimising personal and professional online exposure are essential for thwarting extortionists’ goals.

“Since the lines between our personal and professional lives are so blurred, firms should educate their staff and tell them never to pay out a sextortion request.”

The report notes that for extortion to work, threat actors need something valuable to strong-arm victims, be it details of someone’s private life, confidential company information or total control over a company’s network. But acquiring that information has never been easier.

“As businesses rush into digital transformation, and new individuals and services join the digital economy daily, it’s becoming harder and harder to manage our data and digital assets.

“Cybercriminals recognise this and have developed ways to profit from our unwanted online exposure through extortion-based attacks.”

Digital Shadows says extortionists are taking advantage of compromised credentials, readily available on the dark web, with sensitive data, such as IP and corporate documents, also available in online forums. Technical vulnerabilities provide a third point of exposure: extortionists perform passive and active scanning to identify exploitable vulnerabilities on internet-facing applications. They can then deploy ransomware variants to disrupt a business, damage its reputation and demand ransom fees.

“The barriers to entry for extortion-based activity continue to fall,” Digital Shadows says. “Extortionists come in all shapes and sizes, with varying levels of sophistication. With account, database and network accesses available on criminal forums, and extortion guides for sale at under $10, aspiring extortionists have a wealth of resources to get started.”

And, just when you think the world couldn’t get any weirder, the report also highlights ‘crowdfunding’ extortion schemes – yes, they’re trying to use crowdfunding models to raise funds from the general public, rather than relying on victims giving in to ransom demands. And they’re succeeding to some degree. In April 2018, one threat actor stole documents from insurance provider Hiscox. The documents included files related to the 9/11 attacks. Playing on the public’s appetite for 9/11-related controversy, the threat actor has so far raised $11,600 through crowdfunding, with people paying into the campaign to view the documents.

