Canada Becomes Second-Largest Source of Phishing, Malware, Botnet Activity
Cyber-criminals appear to be on the move, switching from Chinese and Eastern European IP addresses in favor of Canadian ones, according to security researchers.
An increasing number of malicious traffic and botnets is originating from servers based in Canada, Patrik Runald, a senior manager of security research at Websense, wrote May 9 on the Websense Insights blog. This may be because many Web security services and security products scrutinize traffic originating from China and Eastern Europe more carefully for malicious activity, the researchers said.
In contrast, Canada has a better "cyber-reputation," and traffic from those servers may be regarded with less suspicion.
"Cyber-criminals are taking advantage of Canada's clean cyber reputation, and moving shop," Runald told eWEEK.
More malicious content is being hosted in Canada than ever, according to Runald. The number of phishing sites hosted on Canadian servers has more than quadrupled over the past year, making Canada the second-largest source of this kind of attack. Only Egypt had a greater growth rate in terms of sites hosting crimeware. The United States remained the biggest source of phishing attacks, but Canada was close behind, followed by Egypt, Germany and the United Kingdom.
The number of botnets active in Canada also jumped 53 percent in the past eight months to an "all time high," according to Websense. The top five countries hosting botnets were the United States, Canada, France, Germany and China. Canada was the only country that showed an increase in bot networks over that time period, according to Websense.
Researchers measured botnet activity by counting command-and-control servers based in the country.
While the number of malicious Websites declined in general worldwide, Canada had a slower rate of decline, compared with other countries, Runald said. As a result of the increase in malicious networks and servers with Canadian IP addresses, Canada is now the sixth-largest source of cyber-crime. In comparison, the country ranked thirteenth in 2010.
"All trends pointed to Canada as the new launch pad for cyber-criminals," Runald said.
There doesn't appear to be a lot of spam originating from Canada, however, according to the latest "dirty dozen" report from Sophos. The list of top 12 spam-relaying countries for January to March included the United States, India, Russia and several European countries, but not China or Canada. That's not to say there is no spam coming from Canada; it's just not in the top 12.
"Because virtually all spam is sent from compromised PCs, it's a pretty good indication of where the botnets have got the tightest hold," Graham Cluley, a senior technology consultant at Sophos, wrote May 11 on the NakedSecurity blog.
Businesses need to be able to defend against attacks coming from an unexpected direction. Organizations should be implementing security measures that combine email and Web protection with data-leak prevention capabilities, according to Fiaaz Walji, the Canadian country manager for Websense.
Businesses and computer users must take a more proactive approach to spam filtering and IT security, Cluley said.
Runald said the Canadian government might need to take action similar to what the U.S. Department of Justice has done to shut down the Rustock and Coreflood botnets.