SophosLabs Research Raises the Alarm over ‘Designer’ Cyber Threats 


By Emma Okonji

Sophos, a global leader in network and endpoint security, in its recent SophosLabs research conducted across the globe, has raised the alarm over a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other malicious cyberattacks.
The research includes information from millions of endpoints worldwide and is analysed by the team at SophosLabs.
To lure more victims with their attacks, cybercriminals are now crafting customised spam to carry threats using regional vernacular, brands and payment methods for better cultural compatibility, according to Sophos.
Ransomware cleverly disguised as authentic email notifications, complete with counterfeit local logos, is more believable, highly clickable and therefore more financially rewarding to the criminal, the research revealed.
To be as effective as possible, these scam emails now impersonate local postal companies, tax and law enforcement agencies and utility firms, including phony shipping notices, refunds, speeding tickets and electricity bills. SophosLabs has seen a rise in spam where the grammar is more often properly written and perfectly punctuated.
Senior Security Advisor at Sophos, Chester Wisniewski, said: “You have to look harder to spot fake emails from real ones. Being aware of the tactics used in your region is becoming an important aspect of security.”
Researchers also saw historic trends of different ransomware strains that targeted specific locations. Versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France. TorrentLocker attacked primarily the U.K., Italy, Australia and Spain, and TeslaCrypt homed in on the U.K., U.S., Canada, Singapore and Thailand.
The research also showed threat exposure rates for countries during the first three months of 2016. Although Western economies are more highly targeted, they typically have a lower level of attacks. Nations ranked with the lowest level of attacks include France at 5.2 per cent, Canada at 4.6 per cent, Australia at 4.1 per cent, the U.S. at 3 per cent, and the U.K. at 2.8 per cent.
The research report said African countries were at an average level of attacks, with Tanzania having 11.1 per cent, Kenya 11.5 per cent, South Africa 11.6 per cent, Egypt 12.4 per cent, Angola 15.7 per cent, Nigeria 15.7 per cent, Tunisia 16.4 per cent, Morocco 16.6 per cent, Uganda 24.9 per cent, Ghana 25.5 per cent, Mozambique 28.3 per cent, Algeria 30.7 per cent, Zambia 35.5 per cent and Malawi 39.4 per cent.
Algeria at 30.7 per cent, Bolivia at 20.3 per cent, Pakistan at 19.9 per cent, China at 18.5 per cent and India at 16.9 per cent are among countries with the highest percentage of endpoints exposed to a malware attack, the research report said.
The concept of filtering out specific countries has also emerged as a trend.
“Cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language,” according to Wisniewski. He said this could be happening for many reasons, among them that the crooks may not want attacks anywhere near their launch point, to better avoid detection.