Criminals in search of a better climate for their unlawful enterprises may be looking at Canada with its clean "cyber-reputation," according to Websense.
Cyber-criminals appear to be on the move, switching from Chinese and Eastern European IP addresses to Canadian ones, according to security researchers.
An increasing amount of malicious traffic and number of botnets are originating from servers based in Canada, Patrik Runald, a senior manager of security research at Websense, wrote May 9 on the Websense Insights blog. This may be because many Web security services and security products scrutinize traffic originating from China and Eastern Europe more carefully for malicious activity, the researchers said.
In contrast, Canada has a better "cyber-reputation," and traffic from those servers may be regarded with less suspicion.
"Cyber-criminals are taking advantage of Canada's clean cyber reputation, and moving shop," Runald told eWEEK.
More malicious content is being hosted in Canada than ever, according to Runald. The number of phishing sites hosted on Canadian servers has more than quadrupled over the past year, making Canada the second-largest source of this kind of attack. Only Egypt had a greater growth rate in terms of sites hosting crimeware. The United States remained the biggest source of phishing attacks, but Canada was close behind, followed by Egypt, Germany and the United Kingdom.
The number of botnets active in Canada also jumped 53 percent in the past eight months to an "all time high," according to Websense. The top five countries hosting botnets were the United States, Canada, France, Germany and China. Canada was the only country that showed an increase in bot networks over that time period, according to Websense.
Researchers measured botnet activity by counting command-and-control servers based in the country.
While the number of malicious Websites declined in general worldwide, Canada had a slower rate of decline, compared with other countries, Runald said. As a result of the increase in malicious networks and servers with Canadian IP addresses, Canada is now the sixth-largest source of cyber-crime. In comparison, the country ranked thirteenth in 2010.
"All trends pointed to Canada as the new launch pad for cyber-criminals," Runald said.
There doesn't appear to be a lot of spam originating from Canada, however, according to the latest "dirty dozen" report from Sophos. The list of top 12 spam-relaying countries for January to March included the United States, India, Russia and several European countries, but not China or Canada. That's not to say there is no spam coming from Canada; it's just not in the top 12.
"Because virtually all spam is sent from compromised PCs, it's a pretty good indication of where the botnets have got the tightest hold," Graham Cluley, a senior technology consultant at Sophos, wrote May 11 on the NakedSecurity blog.
Businesses need to be able to defend against attacks coming from an unexpected direction. Organizations should be implementing security measures that combine email and Web protection with data-leak prevention capabilities, according to Fiaaz Walji, the Canadian country manager for Websense.
Businesses and computer users must take a more proactive approach to spam filtering and IT security, Cluley said.
Runald said the Canadian government might need to take action similar to what the U.S. Department of Justice has done to shut down the Rustock and Coreflood botnets.