Incident Response, Malware, TDR

Great White North bombarded with malicious email campaigns, report

During the first four months of 2019 threat actors conducted thousands of malicious email campaigns, hundreds of which targeted Canadian organizations.

Proofpoint researchers detected nearly 100 campaigns that specifically geo-targeted Canada or were customized for Canadian audiences in the first four months of 2019 mostly using the Emotet banking trojan, according to Proofpoint’s Beyond “North America”  report.

Emotet activity in 2019 included several high-volume campaigns that collectively distributed tens of millions of messages primarily targeting the manufacturing and healthcare industries,” researchers noted in the report. “Beginning in mid-January 2019, TA542 distributed millions of Emotet-laden emails in both English and German.”

Researchers also noted some of the attacks were in French-language geo-targeted regions of the country. Threat actors targeted several notable Canadian companies and agencies including major shipping and logistics organizations, national banks, and large government agencies.

Along with Emotet, the Ursnif banking trojan also accounted for a large volume of malware strains that appeared in Canada and North America while to a lesser extent other strands like GandCrab ransomware appeared in a number of lower volume campaigns.

Other threats include IcedID, The Trick, Danabot, Formbook, and Dridex, and the most affected industries in Canada include financial services, energy/utilities, manufacturing, healthcare, and technology.

Ultimately researchers found phishing attacks, Business Email Compromise (BEC), and other forms of imposter attacks remain among the ongoing most popular threats both internationally and in Canada.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.