Cybercrime continues to plague everyone. Cybercriminals appear to be using more and more tools and variations to obtain information and achieve their goals. It is becoming apparent that they are attempting to maximize their profits by borrowing tactics from normal business.
Cybercriminals are customizing their attacks to home in on different regions, countries and languages, using different malware and phishing lures. (Think of food chains with custom ads and menus based on state or geography.)
According to an article in Naked Security, cybercriminals are using a range of tactics to target victims based on their country or language. They are forgoing the commonly assumed goal of mass exposure and are zeroing in on more specific targets.
In the article, Chester Wisniewski, a Sophos senior security advisor, shares some of the results of his research. He states: Different criminals have different goals. Some criminals seem to be mostly targeting wealthy countries – for example, ransomware doesn’t seem to hit really poor countries. Maybe they think “Americans are more likely to pay a higher ransom so we hit them with ransomware, and the poor countries in Africa probably aren’t going to pay a ransom so we’ll just use them to send spam.”
It’s a way for the criminals to increase their yield per victim. If a crook sends banking Trojans targeting German banks to every bot they infect, you’re wasting a lot of those infections. If I infected 10 million computers with malware for Germany and I only get half a million German computers, the other 9.5 million could have made money sending spam or DDoS-ing somebody or targeting a different bank. Spray and pray is what used to happen. This way they make more money and waste as much of the victims that they’ve compromised.
It’s also interesting that some countries seem to be avoided altogether in these attacks. Locky ransomware has been translated into various languages including Portuguese, Danish, Chinese and Japanese, but for some reason not Arabic or Czech. Locky also checks to see if Windows is set to Russian. If it’s Russian, Locky exits and deletes itself.
The article points out that Chet’s research shows cyber crooks using tactics including geo-IP lookups and traffic direction services to target their malware at individuals based on their location. The criminals are customizing their phishing and email-based malware attacks with carefully crafted spam that mimics local brands and institutions, and using grammatically correct messages translated into local languages.
One thing is for certain: the approach to defending against cybercrime has to continue to be more aggressive, and prevention is a far more favorable position to be in than being a victim.
To access the complete article, go to: nakedsecurity.sophos.com