
Australia a target for ‘designer’ cyber threats

04 May 16

New SophosLabs research has found that there is a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other such malicious cyberattacks.

This extra care taken by cybercriminals to target their victims has meant their latest malicious offerings have been deemed ‘Designer’ cyber threats.

The study from SophosLabs found cybercriminals are in fact crafting customised spam to carry threats using regional vernacular, brands and payment methods for better cultural compatibility.

This includes ransomware cleverly disguised as authentic email notifications complete with counterfeit local logos, making it much more believable, clickable and hence more financially rewarding for the criminal.

“You have to look harder to spot fake emails from real ones,” says Chester Wisniewski, senior security advisor at Sophos. “Being aware of the tactics used in your region is becoming an important aspect of security.”

Impersonations include local postal companies, tax and law enforcement agencies and utility firms, with lures such as phony shipping notices, refunds, speeding tickets and electricity bills. Unlike earlier campaigns, SophosLabs has seen a rise in spam that is grammatically correct and properly punctuated.
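One defender-side check that follows from the lures described above: flag a message whose display name claims a local brand while its sender domain belongs to someone else, then look for the localised lure themes and a link or archive the reader is urged to open. This is an added example, not SophosLabs' code; the brand-to-domain table, the lure terms and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list (hypothetical domains): brand keyword in the display name -> domains that
# brand legitimately sends from. A real deployment loads verified domains for its region's brands.
LOCAL_BRANDS = {
    "australia post": ("auspost.com.au",),
    "australian taxation office": ("ato.gov.au",),
    "origin energy": ("originenergy.com.au",),
}
LURE_TERMS = ("shipping notice", "parcel", "refund", "speeding ticket", "electricity bill")

def score_message(raw):
    """Score one RFC 5322 message as a localised brand-impersonation lure; returns (score, reasons)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "").lower()
    text = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace").lower()
    reasons = []
    # 1. Display name claims a local brand, but the sender domain is not one of that brand's.
    for brand, legit in LOCAL_BRANDS.items():
        if brand in display.lower() and not any(domain == d or domain.endswith("." + d) for d in legit):
            reasons.append(f"display name '{display}' sent from '{domain}'")
            break
    if not reasons:
        return 0, []  # no brand claim to contradict: not the pattern this check covers
    # 2. Subject or body uses one of the localised lure themes the article lists.
    hits = [t for t in LURE_TERMS if t in subject or t in text]
    if hits:
        reasons.append("lure theme: " + ", ".join(hits))
    # 3. The lure points at a link or an archive/script attachment (typical ransomware delivery).
    if re.search(r"https?://\S+", text) or re.search(r"\.(zip|rar|js|docm)\b", text):
        reasons.append("body carries a link or executable-style attachment reference")
    return len(reasons), reasons

# Constructed samples (not real messages): a counterfeit postal notice and a genuine-looking one.
SAMPLE_LURE = """\
From: Australia Post <notifications@parcel-tracking-update.example>
Subject: Shipping notice: parcel 98001234 could not be delivered

Your parcel could not be delivered. Download the shipping notice: http://parcel-tracking-update.example/notice.zip
"""
SAMPLE_LEGIT = """\
From: Australia Post <noreply@auspost.com.au>
Subject: Your parcel is on its way

Track it at https://auspost.com.au/track
"""
```

`score_message(SAMPLE_LURE)` returns a score of 3 with all three reasons, while the genuine-looking notice scores 0 because its sender domain matches the brand it names.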

“Even money laundering is localised to be more lucrative. Credit card processing can be risky for criminals, so they started using anonymous Internet payment methods to extort money from ransomware victims,” says Wisniewski.

Particular ransomware strains also targeted particular regions. SophosLabs found that versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France; TorrentLocker attacked primarily the U.K., Italy, Australia and Spain; and TeslaCrypt homed in on the U.K., U.S., Canada, Singapore and Thailand.

“Cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language,” says Wisniewski. “This could be happening for many reasons. Maybe the crooks don’t want attacks anywhere near their launch point to better avoid detection. It could be national pride or perhaps there’s a conspiratorial undertone to create suspicion about a country by omitting it from an attack.”

With cybercriminals taking deliberate care to create threats that look authentic and are specifically targeted, malicious spam is harder to recognise – a good reason to have decent cyber security and a sharp eye for detail!
