Websense Report on Canadian Cybercrime Shows Increase in Advanced Malware and C&C Behavior, Decrease in Hosted Phishing
Websense, the publicly traded security firm that recently announced it would be taken private in a buyout, today released its third annual “Canadian Cybercrime Report Card”.
“Overall, we’re continuing to see growth in malicious Canadian websites,” the report said. “This could be because the tech barriers to creating a website continue to decrease, resulting in a large portion of today’s webmasters not securing their machines properly. It could also be the result of a hosting company or ISP compromise, which is most likely why the Isle of Man is ranked number five on this list.”
“Canadian cybercriminal activity is quickly evolving and taking on more nefarious forms,” said Carl Leonard, senior manager of security research for Websense. “Hackers are moving away from the broad ‘spam everyone’ approach because it only yields cents on the click. They’ve set their sights on much more targeted attacks where social engineering of the actual user can turn into millions of dollars in potential criminal profit.”
Key Findings from the report include:
• 25 percent increase in malware hosting: Malware hosting on Canadian websites increased 25 percent year-over-year. In the last three months, Canada claimed the number 10 position for all countries hosting malware. There are several reasons for this increase ranging from compromised ISPs to large-scale compromises of Canadian sites built on vulnerable content management platforms like WordPress.
• 83 percent increase in C&C hosting: In the last year, the number of C&C servers on Canadian soil has increased 83 percent and moved Canada to the eighth spot on the current 2013 global cybercrime list.
• 67 percent decrease in hosted phishing sites: Over the last two years, hackers and spammers have targeted Canada’s trusted soil and servers for hosted phishing sites. However, in the last year, phishing decreased by 67 percent. Even with the broad decrease in phishing sites, in the first quarter of 2013, Canada is currently fourth on the global cybercrime list for hosted phishing sites.
• Third largest volume of hosted advanced malware C&C servers: Websense monitored the type of advanced malware used in the most sophisticated corporate espionage incidents and found that Canada hosts a disproportionate volume of advanced malware command and control servers. In fact, last year Canada hosted the third largest volume of servers communicating with the type of highly sophisticated malware responsible for stealing valuable corporate data. That is ahead of Korea, Germany, Russia and even China.
Cybercriminals are shifting their activities to countries like Canada that have strong infrastructure and traditionally have had better cyberreputations, the report explained. While the perpetrators may not be in Canada, Canadians are aiding this problem by hosting these activities.
“Malware authors don’t do things that are predictable,” said Fiaaz Walji, Websense Canadian country manager. “They have more success with their malicious plots by disguising their transfers from a ‘trusted’ server in Canada, as opposed to Russia, China or other countries with established cybercriminal activity. Organizations need a unified solution that integrates web, data, email, mobile and cloud security to stop advanced data stealing attacks and secure IP better than their competitors.”
Websense also voiced concern over the lack of action from Canadian authorities and law enforcement, noting that malicious sites in Canada seem to stay up longer than in other countries.
“Different laws and resources impact these takedowns,” the report said. “However, it’s important to remember that takedowns take a long time—often 12 to 24 months. And, by this time, many cybercriminals have moved elsewhere. Therefore, long-term policies must be considered. The public and private sector need to work together to effectively make this happen.”
A full copy of the report can be downloaded here.