While online ads everywhere are becoming increasingly targeted to entice users to click on them, the same trend is taking off among criminals designing ransomware, a new report from SophosLabs has found. As awareness grows about online security, ransomware is becoming increasingly customised in order to fool more people into clicking on malicious spam.
Sophos’s research has found that cybercriminals who send ransomware and other malware attacks are now able to create customised spam emails to disguise their links, using regional vernacular, brands and payment methods for an increased look of authenticity. Many Australians may have encountered this phenomenon recently in a series of fake Australia Post emails that spread ransomware in the form of CryptoLocker 2.0, as one example, and these types of authentic-looking email notifications disguising malware are on the rise.
These scam emails can impersonate local institutions such as postal companies, tax and law enforcement agencies and utility firms, with content such as fake shipping notices, refunds, speeding tickets or electricity bills. The scarier part of these findings, however, is that Sophos’s research has found a rise in spam where the spelling and grammar are correct and the email is perfectly punctuated, an element where scam emails often tend to fail even basic scrutiny.
“You have to look harder to spot fake emails from real ones,” said Sophos’ senior security advisor, Chester Wisniewski. “Being aware of the tactics used in your region is becoming an important aspect of security.”
Even the type of ransomware strain can vary regionally: Australia, along with the US, UK, Canada, Germany and France, is more likely to be hit by CryptoWall or TorrentLocker, while strains such as TeslaCrypt are more prevalent in the UK, US, Canada, Singapore and Thailand.
Luckily, Australia has a lower threat risk than most, with a Threat Exposure Rate (TER) of only 4.1 per cent — a parameter measured by the number of malware infections and attacks per 1000 Sophos endpoints in that country. The US and UK are lower at 3 per cent and 2.8 per cent respectively, while the highest include Algeria at 30.7 per cent, Bolivia at 20.3 per cent and Pakistan at 19.9 per cent.
Interestingly, some countries can be specifically excluded from certain malware attacks, though the motives behind criminals doing this aren’t too clear. “Cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language,” said Wisniewski. “This could be happening for many reasons. Maybe the crooks don’t want attacks anywhere near their launch point to better avoid detection. It could be national pride or perhaps there’s a conspiratorial undertone to create suspicion about a country by omitting it from an attack.”
At the other end of the scale are countries like Brazil, where an entire cottage industry of Trojans specifically crafted to target Brazilian banks has grown. Luckily the situation is not so dire here in Australia, but it’s still something to be careful of, with Symantec reporting earlier this year that the rate of cyberattacks in Australia grew a massive 141 per cent last year, and is only expected to rise from there.
These findings, while not unexpected, serve as a timely reminder to always double-check suspicious emails before you open them, and if in doubt give the sender a call to make sure the email is legitimate.