Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ashley Madison Users victims of extortion and phishing

Security researchers have observed a spike in extortion attempts and phishing campaigns against the Ashley Madison users … are they effective? The hack of the Ashley Madison website has demonstrated us how much dangerous could be a cyber attack against a website that manage sensitive and confidential information of millions users. The disclosure of the Ashley Madison dump has […]

Ashley Madison Users victims of extortion and phishing

Security researchers have observed a spike in extortion attempts and phishing campaigns against the Ashley Madison users … are they effective?

The hack of the Ashley Madison website has demonstrated us how much dangerous could be a cyber attack against a website that manage sensitive and confidential information of millions users. The disclosure of the Ashley Madison dump has dramatic consequences for the victims and their families, many lives were destroyed by the disclosure of the information contained in the archive of the adultery website.

The disclosure of the data has caused a spike in scams against the Ashley Madison victims as confirmed by experts at Symantec.

“Scammers have moved quickly to take advantage of the Ashley Madison data breach and Symantec telemetry shows a spike in spam email campaigns mentioning the infidelity website. The breach and subsequent leak of user data has created a market opportunity for scammers seeking to take advantage of people affected by the breach.” states Symantec.

The researchers observed a spike in phishing campaigns related to Ashley Madison that contain references to the website in the subject lines of emails. Blocked subject lines included:

  • “How to check if your email is part of Ashley Madison’s hack”
  • “Ashley Madison Hack Should Scare You”
  • “How to Check if You Were Exposed in Ashley Madison Hack”
  • “Ashley Madison records leak”
  • “Ashley Madison Hack Update”
  • “Ashley Madison hacked, is your spouse cheating”

Ashley Madison Phishing Campaigns

 

The popular investigator Brian Krebs has reported on blackmail emails aimed Ashley Madison users who demanded a bitcoin in exchange for a promise of non-disclosure of the information to their partner.

The question is “Does Blackmailing Pay?”

The security researcher at Cloudmark Toshiro Nishimura explained in a blog post “this extortion campaign could have yielded a worthwhile sum for very little effort.”

The expert demonstrated that blackmailing Ashley Madison users is a profitable business for crooks.

They tried to investigate how many victims are actually paying the blackmailers. Victims received an email demanding a fee in bitcoins (1.05, or $243 at current exchange rates) and blackmailers have sent the victim data related a newly-created wallet.

At this point, Nishimura investigated on the blockchain for that specific amount.

“Specifically, we found 67 suspicious transactions totalling 70.35 BTC or approximately 15814 USD within the extortion time frame of approximately 4 days paying 1.05 BTC to addresses, with no previous activity, and with 2 or fewer transaction outputs. All suspicious address we found are attached below. (We conservatively restricted ourselves to ordinary transactions with 2 or less outputs, thus excluding those which were less likely to be simple one-to-one payments.)

To put this in perspective, in the three months prior to 8/22/2015 when we first started seeing the extortion emails, we saw a total of 67 transactions matching the above pattern at a rate of approximately 5.3 per 100,000 transactions, versus 8.9 during the extortion period.” wrote the expert.

The researcher highlighted an increment of 40 percent more Bitcoin transactions that fulfilled the criteria used for the investigation, the circumstance suggests that those transactions are likely related to victims that decided to pay the 1.05 bitcoins, for a total of about $6,400.

Be aware … if you have paid there is no guarantee that you will stay secure!

Pierluigi Paganini

(Security Affairs – Ashley Madison, Blackmailing)