IT security experts say they still come across business leaders in Canada who don’t believe their organization will be targeted for a cyber attack. A new report from security vendor Proofpoint should help dispel that.
Looking at data from customer devices, the company found that between January 1 and May 1, threat actors conducted thousands of malicious email campaigns, hundreds of which were sent to Canadian organizations.
“Nearly 100 campaigns during this period were either specifically targeted at Canadian organizations or were customized for Canadian audiences,” indicated the report, noting some were written in French.
These campaigns included email messages with stolen branding from several leading Canadian companies and agencies including major shipping and logistics organizations, national banks, and large government agencies. Top affected industries in Canada include financial services, energy/utilities, manufacturing, healthcare, and technology. This is in addition to Canadian organizations being affected by global or multinational campaigns.
The two most common pieces of malware Canadians recently fell victim to, the report says, were:
- Emotet, a type of general-purpose malware that evolved from a well-known banking Trojan, “Cridex”, which was first discovered in 2014. It has since been developed into a robust global botnet comprised of several modules, each of which equips Emotet with different spamming, email logging, information stealing, bank fraud, downloading, and distributed denial of service (DDoS) capabilities, among others. A common technique is sending an email message with attached malicious Microsoft Word documents and/or URLs that link to malicious documents. One recent example is a phony invoice from Amazon. While many companies urge or require staff to disable macros in Microsoft Office as a defensive measure, the Emotet document displays a message asking the reader to enable macros.
- Ursnif, a Trojan that can be used to steal data from users of online banking websites, with the help of web injects, proxies, and VNC (remote access software) connections. It can steal data such as stored passwords as well as download updates, modules, or other malware on victim PCs. There are now multiple variants of Ursnif in the wild, following the release of an earlier version’s source code (version 2.13.241). Variants include Dreambot, Gozi ISFB, and Papras.
- Other malware strains infosec pros should watch out for, says the report, are the IcedID and Dridex banking Trojans, GandCrab ransomware, and the Formbook browser credential stealer.
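The Emotet lure described above relies on a Word attachment that carries a VBA macro and a body text coaxing the reader to enable it. As an added illustration (not code from the report or from Proofpoint), the following script inspects an email's attachments and flags Office documents that could carry such a macro: OOXML files (.docm, .docx, etc.) are opened as zip archives and checked for a `vbaProject.bin` part, and legacy OLE binaries are flagged by their magic bytes. The sample message, sender and filenames are constructed for the example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Office uses for macro-enabled and legacy (OLE) document formats.
MACRO_CAPABLE = {".docm", ".dotm", ".doc", ".dot", ".xlsm", ".xls", ".pptm", ".ppt"}
# Magic bytes that open every OLE2 compound file (legacy .doc/.xls/.ppt).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

def ooxml_has_vba(data: bytes) -> bool:
    """Treat the bytes as a zip-based OOXML document and look for an embedded VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False

def suspicious_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) pairs for attachments that could carry a macro lure."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ext = name[name.rfind("."):] if "." in name else ""
        if ooxml_has_vba(data):
            findings.append((name, "OOXML document contains vbaProject.bin"))
        elif data.startswith(OLE_MAGIC) and ext in MACRO_CAPABLE:
            findings.append((name, "legacy OLE Office document (may contain VBA)"))
        elif ext in MACRO_CAPABLE:
            findings.append((name, "macro-capable extension"))
    return findings

def build_sample_message() -> bytes:
    """Constructed sample: a fake invoice email with a .docm attachment holding a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder VBA container
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"      # constructed sender
    msg["To"] = "ap@example.invalid"
    msg["Subject"] = "Invoice 1234"
    msg.set_content("Please see the attached invoice and enable editing to view.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Invoice_1234.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample_message()):
        print(f"FLAG {name}: {reason}")
```

A mail gateway or SOC triage script would feed real .eml files into `suspicious_attachments` and quarantine or alert on any finding; the OLE check only identifies the container, so a legacy .doc still needs a VBA parser to confirm a macro is present.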
The report also warns organizations to be on the lookout for business email compromise scams, where executives or their assistants are suckered into sending money to seemingly legitimate bank accounts to pay invoices or secure contracts, when in fact the money goes to criminals.
“In 2019, threats specific to Canadian interests, whether abusing Canadian brands, or affecting Canadian organizations through specific geo-targeting, mean that defenders at Canadian companies must be cognizant of threats far more targeted than ‘North America’,” said the report. “Banking Trojans and the Emotet botnet lead the pack, creating risks for organizations and individuals with compelling lures and carefully crafted social engineering.
“While Canada-targeted threats are not new, Emotet in particular, with its frequent region-specific email campaigns, is bringing new attention to geo-targeting in Canada and beyond.”