Story image

Bin 'em: Those bomb threat emails are complete hoaxes

17 Dec 2018

A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax, but some national cybersecurity agencies are still asking those recipients to call their local authorities.

The Australian Government’s Stay Smart Online website and New Zealand’s Computer Emergency Response Team (CERT) posted bulletins about the emails last week.

CERT NZ says the emails claim an explosive device is hidden in the recipient’s office. Unless the recipients pay the ransom in bitcoin, the device will be detonated.

Newer variations of the emails claim that acid will be thrown at the recipient if they do not pay the ransom.

In a blog, Cisco Talos’ Jaeson Schultz says the sender’s claims are ‘completely false’, but they have caused a lot of damage as organisations have been forced to evacuate and call upon law enforcement. 

“Talos has discovered 17 distinct Bitcoin addresses that were used in the bomb extortion attack. Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed. However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers,” writes Schultz.

Here’s a sample of one that landed in Techday’s editorial inbox:

Schultz says that multiple IPs identified in the bomb threat scam are the same ones that were behind  a flood of sextortion emails earlier this year.

“What makes these particular extortion messages unique from other extortion scams we've monitored is that, previously, the attackers threatened only the individual — the attackers would threaten to expose sensitive data, or even attack the recipient physically, but there was never any threat of harm to a larger group of people, and certainly not the threat of a bomb.”

“While this is likely to be an opportunistic scam, New Zealand Police are working to confirm the validity of the threats until confirmed otherwise. If you receive the email, we encourage you to contact police,” says CERT NZ.

Schultz claims that the criminals behind the emails are willing to come up with any threat in order to fool people.

“At this point, we have seen several different variations of these emails, and we expect these sorts of attacks to continue as long as there are victims who will believe these threats to be credible, and be scared enough to send money to the attackers. Talos encourages users not to fall for these schemes and — above all — DO NOT pay extortion payments. Doing so will only confirm for the attackers that their social engineering approach is working, and victims' money goes directly toward facilitating additional attacks,” Schultz says.

CERT NZ also warns anyone who received the email: •    Do not respond or try to contact the sender. •    Do not pay the ransom or take any further action until you have spoken to police. •    Keep the email as evidence to pass to police. 

Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nozomi and RIoT to deliver advanced ICS security solutions to Australia
''As a specialised integrator of robust and resilient ICT and IoT solutions within Australia, we are delighted to be partnering with Nozomi Networks."
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”