Bitcoin sextortion among the threats that will affect Latin America in 2020
Bitcoin sextortion among the threats that will affect Latin America in 2020
Sextortion or sexual extortion with bitcoin is one of the top ten cybersecurity threats that will affect Latin America in 2020, according to forecasts made for the region by experts from Kaspersky, a firm of computer security specialists.
Infections aimed at software production chains, worm-like attacks, and scams such as phishing aimed at users of buying and selling sites, as well as crypto-currency exchange, are part of the attacks that will lead the Latin American population to face new challenges regarding the security of blockchain networks.
A report by the group Televisa de Mexico points out that the 2020 forecast on cybersecurity made by Kaspersky was based on data from studies conducted by the company during a year, from October 2018 to the same month of 2019.
The experts found that there will be an increase in attacks known as bitcoin sextortion in Latin America, in which the victim is blackmailed with evidence that pornographic material has been seen on his computer, so he is threatened with public exposure. To avoid this, extortionists request a sum in bitcoins or other cryptosystems.
Analysts also predict for Latin American countries an increase in more elaborate scams through which they can make a profit fraudulently, such as phishing. Roberto Martínez, Kaspersky's senior security analyst in Latin America, said that any digital device, not just computers or smartphones, but even the smart TV set itself is susceptible to attack.
Normally TV already comes with the issue of integration through which you can access streaming services and behind these platforms, there are operating systems that can be vulnerable. So imagine that someone compromises your TV and has access to everything you talk about during the day in the living room or in a section of your house. Also, the same tools in which you activate voice commands are susceptible to attacks, so we must realize that any element we add to our daily lives that has to do with the digital world, can represent a risk.
Roberto Martinez, a senior security analyst at Kaspersky in Latin America
Experts at the cybersecurity firm warned last October that there are 45 attempts at malware attacks every second in Latin America. Among the countries with the highest incidence of attacks at the global level are two Latin American countries, Brazil (7th) and Mexico (11th).
On the other hand, the world ranking of phishing attacks is led by Brazil, followed by Venezuela. Seven more Latin American countries are in the top 20. These are Chile, Ecuador, Guatemala, Panama, Honduras, Mexico, and Argentina.
For the next 12 months, according to analysts, Latin American users must also protect themselves from the use of social networks to spread campaigns for disinformation and manipulation of public opinion.
They also warned of threats to companies in the region engaged in mass production of software, as well as of worm-type attacks, taking advantage of the vulnerability in Windows 7, since technical support for this system ended on January 14. Other crimes are related to the theft of credentials through entertainment sites. Also, ransomware will gain strength in the region.
How to protect yourself from sextortion
An extortionist will start by approaching his potential victim through the inbox. He will say, for example, that he got his password because he installed a malware on the adult video page (pornography). This is one way, as there are all sorts of variations, but the message always boils down to the claim that the sender infected his victim's computer, hacked into his account or placed malware on a porn site.
The fraudster may add that he has access data to social networks, mail, instant messaging service, and even the phone book. It also indicates that he's already hijacked the webcam so he can record his victim. He threatens to make public the material he has in his possession unless a specific amount is transferred to him in bitcoin or other cryptocurrencies. They add that once payment is made, they will destroy the evidence.
Kaspersky's experts, after alerting the population of Latin America, recommend how to act if they are approached. The first recommendation is to understand that the blackmailer has nothing in his hands, but that he launched a blind bet, sent hundreds of emails with the idea of receiving a response from someone who fell into his trap.
They also advise not to panic, not to pay the ransom or respond to the emails, as the address will be validated and more emails will be received. It is also not advisable to follow the links in such messages because you could be bombarded with advertising programs or infect the machine with a virus.
Among the things you can do is to write down the password sent in the rescue email and change it immediately wherever it is used. Also, it is recommended to use a reliable password manager to store secure, hard-to-remember passwords; and to install a reliable anti-virus to keep malware out of the system.
SEXTORTION, THE SCAM THAT THRIVES
At the end of November 2018, the research laboratory of the cybersecurity firm ESET warned about the increase in spam messages where users were being swindled. The transaction is simple, they threaten to share images or videos taken from the cameras or cell phones of the victims and many of these videos threaten to be sexual, in exchange, cybercriminals ask for bank transfers.
Like one of the chapters in Black Mirror, the operation threatens to reveal videos taken from computer cameras and is a crime that has grown in recent months, especially in France, Spain and Latin America, because it is not only a minor extortion, but it is an operation that has been going on for several months.
In the supposed hacking of the user's account, it is even advisable to change the password immediately; while in the body, the mail notifies that the account has been compromised thanks to the exploitation of a vulnerability in the router by means of malware.
"Supposedly and through these actions, the attacker had managed to obtain sensitive information from the victim, so he asked for a payment not to make public the data that could "compromise" the potential victim, in France we saw a major movement in May, but we see that other markets are attractive for this type of scam," said Ondrej Kuvobic.
What has most alarmed users is that they receive the mail from their own email address so they immediately look for mechanisms to prevent their information from being violated. However, on many occasions, this message is only a spam mail and in reality, the computers were not violated.
"The problem is that many people have believed that their computers or cell phones have been hacked by messages sent by criminals, but most of the time it is only a social engineering strategy that has been very effective in Latin American countries, because many people believe that they can use their information improperly," said Kuvobic.
Faced with this situation, the ESET expert points out that the ideal is to generate authentication mechanisms in email accounts, avoid opening messages that could be apocryphal and keep updates of operating systems and antivirus updates up to date.
In addition, for email services within organizations, it is important to avoid default settings, especially those that allow email relaying, as they are often used by spammers or even malicious code.
"In the case of the campaign we detected in May, we alerted several countries, as this scam managed to raise nearly half a million dollars from victims from different parts of the world," said the expert.
The amount is possible to know because it tracks the addresses of Bitcoin wallets that are given by cyber criminals within the extortion emails they send.
Since the detection of the e-mail, the Bitcoin address located by the analysts recorded 36 movements during almost a month of relatively constant activity, with a total received of 1.29 BTC (just over 4,300 dollars). And in fact, in just one day they managed to raise $1,400.