Sophos, a global leader in network and endpoint security, revealed SophosLabs research that indicates a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other malicious cyber attacks. The research includes information from millions of endpoints worldwide and is analyzed by the team at SophosLabs.
To lure more victims with their attacks, cybercriminals are now crafting customized spam to carry threats using regional vernacular, brands and payment methods for better cultural compatibility, according to Sophos. Ransomware cleverly disguised as authentic email notifications, complete with counterfeit local logos, is more believable, highly clickable and therefore more financially rewarding to the criminal. To be as effective as possible, these scam emails now impersonate local postal companies, tax and law enforcement agencies and utility firms, including phony shipping notices, refunds, speeding tickets and electricity bills. SophosLabs has seen a rise in spam that is more often grammatically correct and perfectly punctuated.
“You have to look harder to spot fake emails from real ones,” said Chester Wisniewski, senior security advisor at Sophos. “Being aware of the tactics used in your region is becoming an important aspect of security.”
Researchers also saw historic trends of different ransomware strains that targeted specific locations. Versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France; TorrentLocker attacked primarily the U.K., Italy, Australia and Spain; and TeslaCrypt homed in on the U.K., U.S., Canada, Singapore and Thailand.
The analysis also shows Threat Exposure Rates (TER) for countries during the first three months of 2016. Although Western economies are more highly targeted, they typically have a lower TER. Nations ranked with the lowest TER include France at 5.2 percent, Canada at 4.6 percent, Australia at 4.1 percent, the U.S. at 3 percent, and the U.K. at 2.8 percent. Algeria at 30.7 percent, Bolivia at 20.3 percent, Pakistan at 19.9 percent, China at 18.5 percent and India at 16.9 percent are among countries with the highest percentage of endpoints exposed to a malware attack.
“Even money laundering is localized to be more lucrative. Credit card processing can be risky for criminals, so they started using anonymous Internet payment methods to extort money from ransomware victims,” said Wisniewski. “We have seen cyber crooks using local online cash-equivalent cards and purchasing locations, such as prepaid Green Dot MoneyPak cards from Walgreens in the U.S. and Ukash, which is now paysafecard, from various retail outlets in the U.K.”