
Numbers of Note: Excuse yourself from designer-threats and adult-site digressions

India is presumably clocking the highest percentage of endpoints exposed to a malware attack. Figures speak.

Pratima Harigunani

INDIA: As unpalatable as it may sound, India stands at 16.9 per cent among countries with the highest percentage of endpoints exposed to a malware attack, as per a new survey that shows Threat Exposure Rates (TER) for countries during the first three months of 2016.


There is more: the trend of threat by design. Banking pops up as an example of how cybercriminals are using location-based malware to be more prosperous. Sophos research illustrates this, showing that Brazilian banker Trojans and variants pinpoint Brazil, Dridex is predominant in the U.S. and Germany, Trustezeb is most prevalent in German-speaking countries, Yebot is popular in Hong Kong and Japan, and Zbot is more widespread, but mostly in the U.S., U.K., Canada, Germany, Australia, Italy, Spain and Japan.

The threat landscape could not get more sly and sharp. Another survey points to over 2,500 Twitter accounts having been compromised to tweet links to websites specializing in adult dating and sex personals. Recent Symantec research indicates that a number of high-profile accounts were caught up in the scam, such as that of the band Chromeo, where the attackers changed the profile photo, biography, and full name of the accounts to promote adult sites. Symantec also pegs some interesting numbers: the culprit responsible for these compromises earns $4.00 for each person who signs up for the adult dating site.

If there is an entire cottage industry of uniquely crafted Trojans targeting just banks in Brazil, or attackers gatecrashing Twitter in new ways to push people towards a particular category of sites, then the pendulum of threat strategy out there is definitely swinging.


In fact, SophosLabs research avers that there is a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other malicious cyberattacks.

Culled from information from millions of endpoints worldwide and analyzed by the team at SophosLabs, this study also sniffs out that to lure more victims with their attacks, cybercriminals are now crafting customized spam to carry threats using regional vernacular, brands and payment methods for better cultural compatibility.

We have entered times when ransomware cleverly disguised as authentic email notifications, complete with counterfeit local logos, is more believable, highly clickable and therefore more financially rewarding to the criminal.


These scam emails are even impersonating local postal companies, tax and law enforcement agencies and utility firms, including phony shipping notices, refunds, speeding tickets and electricity bills to amplify their effectiveness.

As amusing as it may sound, SophosLabs has also seen a rise in spam that is grammatically correct and perfectly punctuated.

What's worrisome for India is that even if Western economies are more highly targeted, they typically have a lower TER (Threat Exposure Rate). Nations ranked with the lowest TER include France at 5.2 per cent, Canada at 4.6 per cent, Australia at 4.1 per cent, the U.S. at three per cent, and the U.K. at 2.8 per cent.


India falls in the other bracket at 16.9 per cent, in the neighbourhood of Algeria at 30.7 per cent, Bolivia at 20.3 per cent, Pakistan at 19.9 per cent and China at 18.5 per cent: in other words, the countries with the highest percentage of endpoints exposed to a malware attack.

Another trend emerging is that of localisation of money laundering. Credit card processing can be risky for criminals, so they started using anonymous Internet payment methods to extort money from ransomware victims. Sophos has observed cybercrooks using local online cash-equivalent cards and purchasing locations, such as prepaid Green Dot MoneyPak cards from Walgreens in the U.S. and Ukash, which is now paysafecard, from various retail outlets in the U.K.

As to why cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language, it's anyone's guess. Maybe the crooks don’t want attacks anywhere near their launch point to better avoid detection. It could be national pride or perhaps there’s a conspiratorial undertone to create suspicion about a country by omitting it from an attack, a Sophos expert explains.


Active Directory and corporate networks continue to take up attention on the other side. In another study, one sees 70 per cent of respondents agreeing that their Windows environments are not completely secure from malicious attacks, while another 10 per cent admit to being unaware of the security standards for Windows environments.

Of the respondents, 72 per cent seek a solution that sends alerts when security configurations change, and surprisingly, 55 per cent have not begun to use one. Also, 47 per cent of IT admins find it difficult and time-consuming to gain awareness of the current security settings of their Windows environments.

A study from ManageEngine reminds us that over the past few years, the success rate of attacks, both internal and external, on corporate networks has been growing, and that at the center of most corporate networks is Active Directory. Since Active Directory is the most important technology for controlling access to the network and resources, it is important to secure all aspects of this portion of a network, it asserts.

If the minds that plan attacks are getting re-wired, shouldn't the same happen on the other side?
