
Australia a target for ‘designer’ cyber threats

04 May 2016

New SophosLabs research has found that there is a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other such malicious cyberattacks.

This extra care taken by cybercriminals to target their victims has meant their latest malicious offerings have been deemed ‘Designer’ cyber threats.

The study from SophosLabs found cybercriminals are in fact crafting customised spam to carry threats using regional vernacular, brands and payment methods for better cultural compatibility.

This includes ransomware cleverly disguised as authentic email notifications complete with counterfeit local logos, making it much more believable, clickable and hence more financially rewarding for the criminal.

“You have to look harder to spot fake emails from real ones,” says Chester Wisniewski, senior security advisor at Sophos. “Being aware of the tactics used in your region is becoming an important aspect of security.”

Impersonated senders include local postal companies, tax and law enforcement agencies and utility firms, with lures such as phony shipping notices, refunds, speeding tickets and electricity bills. In contrast to spam seen in the past, SophosLabs has seen a rise in spam where the grammar is often more properly written and perfectly punctuated.

“Even money laundering is localised to be more lucrative. Credit card processing can be risky for criminals, so they started using anonymous Internet payment methods to extort money from ransomware victims,” says Wisniewski.

There were also specific strains of ransomware that targeted specific locations. SophosLabs found that versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France; TorrentLocker attacked primarily the U.K., Italy, Australia and Spain; and TeslaCrypt homed in on the U.K., U.S., Canada, Singapore and Thailand.

“Cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language,” says Wisniewski. “This could be happening for many reasons. Maybe the crooks don’t want attacks anywhere near their launch point to better avoid detection. It could be national pride or perhaps there’s a conspiratorial undertone to create suspicion about a country by omitting it from an attack.”

With cybercriminals having a deliberate hand in creating threats that look authentic and are specifically targeted, it is more difficult to recognise malicious spam – a good reason to have some decent cyber security and a sharp eye for detail!
