Hackers now using customised country- and culture-specific malware to target victims
Hackers developing 'geo-malware' and localised ransomware attacks to lure in more victims

Cybercrime trends show that hackers have begun designing country- and culture-specific malware in an effort to lure in more unsuspecting victims. Cybercriminals have also begun to use regional payment methods and vernacular to add to the authenticity of their scams.

According to security research firm Sophos, cyber-scams are becoming increasingly hard to identify and prevent, thanks to "geo-malware" and regionalised email ransomware attacks, which disguise themselves as local and well-known brands to lure in more victims.

Sophos senior security advisor Chester Wisniewski likened the organised effort cybercriminals put into crafting intelligent and believable scams to running a multinational organisation like McDonald's, which also accounts for cultural differences in its products and services when catering to specific countries.

"Cybercrime is now a highly competitive, multi-billion-dollar business. They want to target wealthy countries with particular kinds of malware, like ransomware and banking malware, while utilizing other victims for more mundane tasks like spamming or participating in denial-of-service attacks," said Wisniewski. "Users have been conditioned to believe they can spot scams by the incorrect grammar and shoddy spelling, which leads to them falling even harder for well-crafted scam messages."

Researchers at Sophos Labs observed trends among different strains of ransomware that have been used in the past to target specific locations. For instance, varied versions of CryptoWall hit victims principally in the US, Canada, UK, France, Germany and Australia. On the other hand, TeslaCrypt pounced on victims in the UK, US, Canada, Singapore and Thailand, while TorrentLocker homed in on the UK, Italy, Spain and Australia.

It has been noted that cybercriminals tend to avoid targeting victims from certain locations. "This could be happening for many reasons. Maybe the crooks don't want attacks anywhere near their launch point to better avoid detection. It could be national pride or perhaps there's a conspiratorial undertone to create suspicion about a country by omitting it from an attack," said Wisniewski.

There has been a recent rise in cyberattacks, be it relatively small-scale phishing scams or global banking hacks like that of the Qatar National Bank. With hackers constantly evolving their techniques to deploy attacks, it has become imperative for people to arm themselves with more knowledge about potential threats.