Extortion tactics: What is swatting?

Threat actors are getting increasingly creative with their extortion tactics, with triple extortion strategies becoming more common. 

And we’re also seeing new cases of swatting: an extortion tactic that leaves targets with no choice but to pay a ransom, or suffer intolerable consequences if they don’t. 

What is swatting? 

‘Swatting’ involves a threat actor making false reports to emergency services, most commonly the police. They do this to trigger the dispatch of (often armed) law enforcement officers to the target’s location, under false pretences – for example, reports of bomb threats or criminal allegations. 

As a result, a ransomware situation escalates rapidly and in a way that’s deeply alarming for the victim, and puts immense pressure on them to pay the ransom. It introduces the potential for real-life danger and violence into the cyberattack vector, and can put lives at risk. 

In essence, it’s prank calling – but with dangerous consequences. 

Has this happened recently? 

Unfortunately, yes.

• In November 2023 threat actors stole medical records from the Fred Hutchinson Cancer Center in Seattle, USA. They then targeted patients with a swatting campaign. The center rapidly notified the FBI and Seattle police, and a spokesperson from Fred Hutchinson told Becker’s, “The FBI, as part of its investigation into the cybersecurity incident, also investigated these threats.”
• At Integris Health in Oklahoma, USA, threat actors claimed to have accessed sensitive patient data. Some of those patients then received emails threatening to sell their data on the dark web if ransom demands weren’t met.
• At least three members of US Congress were targeted in swatting attacks at the end of December 2023. Separate incidents involved false emergency calls prompting serious and disruptive police responses at their homes.
• And numerous celebrities have been targeted in swatting attacks – including (but not limited to) music artists Nicki Minaj, Lil Wayne, Justin Bieber, Justin Timberlake, and Rihanna. 

Swatting is becoming more frequent  

These recent examples – and many more – highlight the fact that threat groups are increasingly relying on swatting to cause real distress and disruption, and force victims to respond to ransom demands. 

It’s an alarming trend – and increased awareness, along with preventative measures, are needed. 

What preventative measures can be put in place? 

Like many social engineering strategies, swatting is very hard to predict and prevent. But the cybersecurity industry can support with measures including:

• Education and awareness. It all starts with awareness – and potential targets who understand the risks of swatting will be more thoughtful about protecting their personal information online. Awareness of swatting also needs to increase among emergency responders and law enforcement, to help detect and respond to swatting incidents when they do occur.
• Enhanced authentication for emergency calls. More effective authentication processes could help to verify legitimate reported incidents and minimise the number of swatting attacks that successfully launch an emergency response. This is difficult to implement though – because enhanced authentication could mean slower response times to genuine emergency situations.
• Increased use of anti-swatting registries, like a national database launched by the FBI in 2023. Individuals who feel they might be targeted in a swatting attack can add themselves to a registry that alerts authorities that their address is vulnerable to this kind of attack. 

Swatters will continue to swat. But collaboration and information-sharing between targets, police, and cybersecurity experts can help to build a clearer picture of patterns within the trend, and develop more effective preventative measures in the future.