New SophosLabs research has found that there is a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other such malicious cyberattacks.
This extra care taken by cybercriminals to target their victims has meant their latest malicious offerings have been deemed ‘Designer’ cyber threats.
The study from SophosLabs found cybercriminals are in fact crafting customised spam to carry threats using regional vernacular, brands and payment methods for better cultural compatibility.
This includes ransomware cleverly disguised as authentic email notifications complete with counterfeit local logos, making it much more believable, clickable and hence more financially rewarding for the criminal.
“You have to look harder to spot fake emails from real ones,” says Chester Wisniewski, senior security advisor at Sophos. “Being aware of the tactics used in your region is becoming an important aspect of security.”
Impersonations include local postal companies, tax and law enforcement agencies and utility firms, including phony shipping notices, refunds, speeding tickets and electricity bills. In contrast to the past, SophosLabs has seen a rise in spam where the grammar is more often properly written and perfectly punctuated.
“Even money laundering is localised to be more lucrative. Credit card processing can be risky for criminals, so they started using anonymous Internet payment methods to extort money from ransomware victims,” says Wisniewski.
Different strains of ransomware also targeted specific locations. SophosLabs found that versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France; TorrentLocker attacked primarily the U.K., Italy, Australia and Spain; and TeslaCrypt homed in on the U.K., U.S., Canada, Singapore and Thailand.
“Cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language,” says Wisniewski. “This could be happening for many reasons. Maybe the crooks don't want attacks anywhere near their launch point to better avoid detection. It could be national pride or perhaps there's a conspiratorial undertone to create suspicion about a country by omitting it from an attack.”
With cybercriminals having a deliberate hand in creating threats that look authentic and are specifically targeted, it is more difficult to recognise malicious spam – a good reason to have some decent cyber security and a sharp eye for detail!