Connect with us

Hi, what are you looking for?

HEADLINES

‘Designer’ cyber threats on the rise, warns Sophos

There is a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other malicious cyberattacks, according to SophosLabs research.

To lure more victims with their attacks, cybercriminals are now crafting customized spam to carry threats using regional vernacular, brands and payment methods for better cultural compatibility, according to Sophos.

Ransomware cleverly disguised as authentic email notifications, complete with counterfeit local logos, is more believable, highly clickable and therefore more financially rewarding to the criminal.

To be as effective as possible, these scam emails now impersonate local postal companies, tax and law enforcement agencies and utility firms, including phony shipping notices, refunds, speeding tickets and electricity bills. SophosLabs has seen a rise in spam where the grammar is more often properly written and perfectly punctuated.

Advertisement. Scroll to continue reading.

“You have to look harder to spot fake emails from real ones,” said Chester Wisniewski, senior security advisor at Sophos. “Being aware of the tactics used in your region is becoming an important aspect of security.”

Researchers also saw historic trends of different ransomware strains that targeted specific locations. Versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France, TorrentLocker attacked primarily the U.K., Italy, Australia and Spain and TeslaCrypt honed in on the U.K., U.S., Canada, Singapore and Thailand.
The analysis also shows Threat Exposure Rates (TER) for countries during the first three months of 2016. Although Western economies are more highly targeted, they typically have a lower TER.

Nations ranked with the lowest TER include France at 5.2 percent, Canada at 4.6 percent, Australia at 4.1 percent, the U.S. at 3 percent, and the U.K. at 2.8 percent. Algeria at 30.7 percent, Bolivia at 20.3 percent, Pakistan at 19.9 percent, China at 18.5 percent and India at 16.9 percent are among countries with the highest percentage of endpoints exposed to a malware attack.

“Even money laundering is localized to be more lucrative. Credit card processing can be risky for criminals, so they started using anonymous Internet payment methods to extort money from ransomware victims,” said Wisniewski. “We have seen cybercrooks using local online cash-equivalent cards and purchasing locations, such as prepaid Green Dot MoneyPak cards from Walgreens in the U.S. and Ukash, which is now paysafecard, from various retail outlets in the U.K.”


The concept of filtering out specific countries has also emerged as a trend.

“Cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language,” said Wisniewski. “This could be happening for many reasons. Maybe the crooks don’t want attacks anywhere near their launch point to better avoid detection. It could be national pride or perhaps there’s a conspiratorial undertone to create suspicion about a country by omitting it from an attack.”

Advertisement. Scroll to continue reading.

Banking is an example of how cybercriminals are using location-based malware to be more prosperous. Sophos research reveals historically how Trojans and malware used to infiltrate banks and financial institutions converges on specific regions:

  • Brazilian banker Trojans and variants pinpoint Brazil
  • Dridex is predominant in the U.S. and Germany
  • Trustezeb is most prevalent in German speaking counties
  • Yebot is popular in Hong Kong and Japan
  • Zbot is wider spread, but mostly in the U.S., U.K., Canada, Germany, Australia, Italy, Spain and Japan

“There is an entire cottage industry of uniquely-crafted Trojans just targeting banks in Brazil,” said Wisniewski.

With cybercriminals having a deliberate hand in creating threats that look authentic and are specifically targeted, it is more difficult to recognise malicious spam. Home computer users are often a target of these attacks and should protect their systems from sophisticated malware threats.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

In rigorous evaluations conducted by prestigious cybersecurity testing organizations, Kaspersky Plus (starting in Q4 2024, Kaspersky Premium), Kaspersky Endpoint Security for Business (KESB), and...

HEADLINES

"Given the Philippines' high exposure to cyber threats, it's important for both individuals and businesses to stay vigilant," said Adrian Hia, Managing Director for...

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

Advertisement