Swatting – or the false reporting of a violent crime to the police in order to send heavily armed law enforcement swarming to a victim’s home or residence – is a practice that was once mostly confined to teenagers or to the gaming world. Just this week, schools in California, Michigan and Vermont were forced into lockdown following a wave of fake reports about mass shootings.
However, this tactic is increasingly being wielded against others groups, including politicians, celebrities and now business executives in the corporate world.
On Tuesday, researchers from BlackCloak said they found a massive spike in swatting attacks over the past six weeks that use online and stolen information to target corporate executives and board members.
According to the company, attackers gathered executives' personal information from a variety of sources, including the dark web, data broker information, property records, and even publicly available information plastered on the leadership pages of company websites. Using synthesized voice devices, the attackers usually report a murder or hostage situation before pleading with police to intervene.
The rise of the internet and the enormous amounts of personal data – both public and stolen – about individuals that can now be found on the internet makes it easier than ever to identify a target, where they work and where they live. That makes attacks like swatting a relatively low-effort, high-impact form of harassment.
"This surge in swatting attacks targeting corporate executives shows how cyber incidents can have real physical damage. This is really a critical threat as it poses a physical risk to executives and their whole families," said Chris Pierson, chief executive officer and co-founder of digital executive protection firm BlackCloak.
Though Pierson did not disclose how many of BlackCloak's clients have been impacted by the attacks, he told SC Media that the company has recently observed thirty to fifty executives being targeted per month, compared to only one or two monthly incidents in the past. Most of the incidents have been heavily focused on executives in the healthcare, biomed, pharma, and esports gaming industries, but they have begun to spread out to other sectors over the past few weeks.
BlackCloak has no insight into the motivations behind the attacks, but Pierson speculated that these industries have been involved in numerous high-profile news events over the past few years that could serve as fuel for angry groups or individuals.
"Given that many executives in the healthcare and biomed sectors are being targeted, the attacks can be associated with current events, such as drug prices or vaccines," Pierson said. "So far, nobody knows the real motivation behind it, but what we do know is that the outcome is chaos."
Daniel Floyd, chief information security officer at BlackCloak, said this is an alarming wake up call for many CISOs, who must grapple with how to promote their company’s brand and presence online while somehow protecting company executives from having that information used against them.
"At the very minimum, review and remove mention of home residence geographic location on the 'About Us' section of your corporate website and encourage your executives to ensure that their homes are not registered in their own names, but rather an anonymous trust or corporation,” said Floyd. “If you or an employee are threatened with or at high risk from a swatting attack, consider contacting your local law enforcement agency's non-emergency number to speak about the red flagging of your address or if they have an anti-swatting registry."