Malware attacks from Canada on the rise

Websense Canada country manager Fiaaz Walji

There was once a time when Canadian Web servers were comparatively free of phishing attacks, botnet command and control centres and other malicious activity, but that’s not the case anymore.

Security vendor Websense has noted a dramatic uptick in the number of Canadian servers being used to run malware. Patrik Runald, senior manager for security research at Websense, said that in 2010, Canada was in 13th spot worldwide in terms of hosting “badness,” which he defines as a variety of malware and attacks including but not limited to phishing and botnet command and control centres.

This year, Canada’s number six with a bullet, and “the only country that’s really made a big move upwards,” according to Runald.

The most alarming increase is a 319 per cent jump in the number of phishing sites hosted here in Canada. That growth is second only to the growth in phishing that has been seen in Egypt (Ahhh… the unintentional consequences of democratization!), which was starting from “basically zero” last year, Runald said. The growth puts Canada in the number-two spot for phishing worldwide, behind only the United States, which, with its large population and wide distribution of fast networks, ranks at or near the top of just about any security threat.

Canada has also seen a dramatic 53 per cent jump in the number of botnet command and control centres located in-country, bucking an otherwise downward trend as governments crack down on botnets, one of the most prevalent and malicious cyber-crime threats.

And Runald said that it’s likely to continue.

“We believe it’s a trend that will continue, and it really raised our eyebrows here in the labs as to why,” he said.

Why indeed?

Runald offers no hard-and-fast answers to that all-important question, but does offer some insights and estimations.

For one, he suggested that it’s an enforcement issue – as other jurisdictions get harsher on cyber-crime, those looking to perpetrate attacks are looking for locations that are not hunting them down quite as intently, but still offer quality network access, and Canada may just fit the bill. “The U.S. has had some high-profile takedowns, and has really ramped up in that regard,” Runald said.

For another, Canada may be increasingly attractive for malware attacks over traditional malware hotbeds like Eastern Europe because it’s harder for organizations to police. While North America-based companies can generally block out traffic to certain countries where malware is a problem, it’s unlikely that organizations can afford to completely filter out Web traffic to and from Canada.

“They’re shifting their attentions to countries with better reputations,” Runald said.

While it’s key for site owners to be prepared to deal with the increasing challenge, end users also have to be aware of the rise of attacks based in Canada. Because if sites that are frequented by Canadians are infected, it stands to reason that more Canadians will face attacks.

So what can we do about it? Well, for one, Runald noted that the types of servers most typically infected are those run by SMB customers, so the channel has a big role to play in spreading the word about the threat and helping to mitigate it.

“This is an opportunity for education, for services, and for an upgrade to customers’ security posture in general,” said Fiaaz Walji, country manager for Canada at Websense.

The opportunity for the channel exists at both ends of the potential attacks, he suggested – site owners need to know how to make sure their site is clean and not infecting its visitors, while surfers need to understand the fundamentals of keeping their systems patched and current, and need education on common-sense security issues.

On all of those issues, the channel has an important part to play. “This is where partners step in and figure out whether it’s something that can be addressed by education, by managed security services, by an improved security posture or by a combination,” he said.

Walji said Canadian government and law enforcement agencies are making progress in battling cyber-crime, as witnessed by the reference to creating a task force to combat it in the most-recent Throne Speech, a promise that’s more likely than ever to be realized following the Conservatives’ recent majority win. And Canadian Privacy Commissioners are “all over” that aspect of the problem, Walji said. Still, there’s room for improvement.

“The investment on the hacker side is growing, and we have to keep up with that investment on the enforcement side,” he suggested.

Runald said Canada’s “digital reputation” is not likely to take too much damage – unlike some smaller Eastern European countries that can easily be “locked out” if they’re identified as frequent problem areas, Canada is too important a trading partner to the U.S. and other major countries worldwide, and Canada’s “signal to noise ratio” when it comes to good sites vs. malicious is still strong.