User-generated content is part of what has shaped and currently defines the internet in its current form. From restaurant reviews on Yelp to tweets covering major events in real time, the information that individuals contribute online shapes our views and changes how to learn about our world and one another.
As with most good things, however, user-generated content has its downsides. One of those — perhaps the most important from a cybersecurity standpoint — is that malicious actors are able to exploit these platforms for their personal gain. This has been going on for as long as the internet has been around, but the practice has been steadily growing as an issue for individual users and businesses alike.
One example of such an extortion attempt: Hackers targeted online travel agency CheapAir with threats to destroy the company’s reputation if it declined to pay out a sum of 1.5 Bitcoins, worth approximately $10,000. In another case, hackers demanded $900 from a small restaurant in Payallup, Washington to take down a large volume of negative reviews posted to social media platforms.
Fabricated negative reviews can damage a company’s reputation by turning customers away; once a hacker strikes like this, the company is forced into playing defense, having to prove to the public that the reviews are not legitimate – but naturally, not everyone will believe even a completely honest company.
The frequency at which these events occur is alarming, with the FBI estimating 15,000 extortion-related complaints in 2017, leading to nearly $15 million in financial losses.
Any business that maintains an online presence must be prepared for incidents such as this. That’s one reason cyber intelligence research efforts have been growing in popularity. By scanning underground sources on the deep web and tracking online information related to a company, cyber-threat hunters and researchers are able to bring extortion plans to the surface before they do major damage.