We like to think that Canada is a country serious hackers aren’t interested in. But the latest figures from security vendor Trend Micro show we aren’t invisible to them.
Among the findings of its research collected in the first quarter, Canada was among the top countries that posted the highest number of point of sale RAM scraper infections. It placed seventh in the top 10 affected countries, with four per cent of the total number of infections.
Relative to other countries, four per cent isn’t big. But it does suggest attackers are figuring out that there are potentially lucrative targets north of the U.S.
Other figures show that Canada was in the top 10 countries affected by ransomware, sitting in ninth place with two per cent of all infections.
That’s part of a global increase in ransomware that started in the last quarter of 2014 and is continuing, the report notes. Also, crypto-ransomware — which encrypts files in network shares — jumped to account for nearly half of all ransomware infections and marked a four-fold increase in infections compared to the first quarter of 2014.
Perhaps most alarmingly, the numbers show Canada ranks ninth among the countries that posted the highest number of users who clicked malicious URLs in the first quarter of 2015.
“The three most notable threats for the first quarter aren’t new threats,” Christopher Budd, one of Trend Micro’s global threat communications managers, noted in a blog summarizing the overall results. “Bad ads, cryptoransomware and macro malware are all well-known threats from past years. But don’t let their age fool you: these threats have come back stronger and more malicious than ever. The prevalence and success of these threats shows again that innovation isn’t restricted to developing new threats in new arenas: it’s also in taking old threats and improving them to succeed against the security protections that once thwarted them.”
The report also warns about the sharp rise in macro malware. Although users have to enable macros on their software for the attack to work, the use of macros may be seen as an attempt by attackers to bypass traditional antimalware solutions, the report says.
Macros used in these threats are often obfuscated, allowing them to potentially pass through spam filters or scanners, which are better at detecting executable programs than macros. Macros that can be enabled using batch files are also difficult to detect. Sandboxing may not work due to the obfuscation or because users were already explicitly asked to agree to open the macro, unknowingly allowing malware to run in their system.
While Microsoft changed the way macros are implemented in Office documents it went from .DOC format to .DOCX, the report notes, macros are still executable.