www.infosecurity-magazine.com
18.155.129.60
Public Scan
URL:
https://www.infosecurity-magazine.com/news/experts-warn-of-beg-bounty/
Submission: On June 25 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
GET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search site…" aria-label="Search keywords" required="required">
<button type="submit" class="form-button with-icon">
<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="Search">
<path d="M15 15L21 21M10 17C6.13401 17 3 13.866 3 10C3 6.13401 6.13401 3 10 3C13.866 3 17 6.13401 17 10C17 13.866 13.866 17 10 17Z" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
</svg>
</button>
</form>
GET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search Infosecurity Magazine…" aria-label="Search keywords" required="required">
<input type="submit" value="Search" class="form-button">
</form>
Text Content
Experts Warn of “Beg Bounty” Extortion Attempts

News, 9 Feb 2021
Written by Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine

Sophos has warned businesses to be on the lookout for unsolicited and often generic emails attempting to extract a bug bounty from them with borderline extortion tactics.

So-called “beg bounty” messages typically involve automated scanning for basic misconfigurations or vulnerabilities, followed by a cut-and-paste of the results into a pre-defined email template, explained Sophos principal research scientist, Chester Wisniewski.

Small businesses are typical targets: even though they do not have a bug bounty program, and perhaps because of this fact, the senders often believe they may be more inclined to pay.

“Beg bounty queries run the gamut from honest, ethical disclosures that share all the needed information and hint that it might be nice if you were to send them a reward, to borderline extortion demanding payment without even providing enough information to determine the validity of the demand,” said Wisniewski.

“Knowing these businesses did not have a bug bounty program and in fact probably didn’t even know what code ran their website, it seemed odd for a legitimate researcher to be wasting their time on the smallest fish in the pond.”

The Sophos scientist was able to gather and analyze a few sample beg bounty incidents, which featured varying degrees of professionalism.

Some leant more towards extortion and one contained factually inaccurate information, referring to an organization’s lack of DMARC as a “vulnerability in your website.”

Wisniewski warned of reports claiming that engaging with the bounty hunter could lead to a slew of further bug reports and demands for more payment.

He urged small business owners to take the emails and the issues they raise seriously, but to not engage with the sender, and instead seek out a reputable security provider.

“Most of the bugs that were found were not even bugs. They were simply internet scans that discovered the lack of an SPF or DMARC record. Others were genuine vulnerabilities that could be easily found without skill by using freely available tools,” he concluded.

“None of the vulnerabilities I investigated were worthy of a payment. The problem is that there are millions of poorly secured sites owned by small businesses that don’t know any better and are intimidated into paying for services out of fear.”