Nearly 100 malicious email campaigns aimed at Canadian organizations in Q1: Report

IT security experts say they still come across business leaders in Canada who don’t believe their organization will be targeted for a cyber attack. A new report from security vendor Proofpoint should help dispel that.

Looking at data from customer devices, the company found that between January 1 and May 1, threat actors conducted thousands of malicious email campaigns, hundreds of which were sent to Canadian organizations.

“Nearly 100 campaigns during this period were either specifically targeted at Canadian organizations or were customized for Canadian audiences,” indicated the report, noting some were written in French.

These campaigns included email messages with stolen branding from several leading Canadian companies and agencies including major shipping and logistics organizations, national banks, and large government agencies. Top affected industries in Canada include financial services, energy/utilities, manufacturing, healthcare, and technology. This is in addition to Canadian organizations being affected by global or multinational campaigns.

The two most common pieces of malware Canadians recently fell victim to, the report says, were:

  • Emotet, a type of general-purpose malware that evolved from a well-known banking Trojan, “Cridex”, which was first discovered in 2014. It has since been developed into a robust global botnet comprising several modules, each of which equips Emotet with different capabilities: spamming, email logging, information stealing, bank fraud, downloading, and distributed denial of service (DDoS), among others. A common technique is sending an email message with attached malicious Microsoft Word documents and/or URLs that link to malicious documents. One recent example is a phony invoice from Amazon. While many companies urge or demand staff to disable macros in Microsoft Office as a defensive measure, Emotet will show a message asking the reader to enable macros.
  • Ursnif, a Trojan that can be used to steal data from users of online banking websites, with the help of web injects, proxies, and VNC (remote access software) connections. It can steal data such as stored passwords as well as download updates, modules, or other malware on victim PCs. There are now multiple variants of Ursnif in the wild, following the release of an earlier version’s source code (version 2.13.241). Variants include Dreambot, Gozi ISFB, and Papras.

Other malware strains infosec pros should watch out for, says the report, are the IcedID and Dridex banking trojans, GandCrab ransomware, and the Formbook browser credentials stealer.

The report also warns organizations to be on the lookout for business email compromise scams, where executives or their assistants are suckered into sending money to seemingly legitimate bank accounts to pay invoices or secure contracts, when in fact the money goes to criminals.

“In 2019, threats specific to Canadian interests, whether abusing Canadian brands, or affecting Canadian organizations through specific geo-targeting mean that defenders at Canadian companies must be cognizant of threats far more targeted than ‘North America,’” said the report. “Banking Trojan and the Emotet botnet lead the pack, creating risks for organizations and individuals with compelling lures and carefully crafted social engineering.

“While Canada-targeted threats are not new, Emotet in particular, with its frequent region-specific email campaigns, is bringing new attention to geo-targeting in Canada and beyond.”

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
