Canada: New Tact Belligerent For Cybercrime

Canada is becoming a new breeding ground for cyber criminals, according to a report obtained by the Financial Post. According to the report by the cyber security company, Canada's reputation as a law abiding country is making it a preferred location from which to launch cyber attacks, with Canada ranking No. 6 worldwide among countries hosting cybercrime, up from 13th place last year.

In the past year, the number of .ca servers hosting phishing sites increased by 319% . This tremendous increase over the last 12 months is second only to Egypt in terms of the growth of sites hosting crimeware. Canada now sits just behind the United States globally in the number of servers hosting phishing sites, ahead of Germany, U.K. and France.

"And Egypt obviously came from pretty much nowhere, so it is easy for it to have a higher percentage increase," said Patrik Runald, senior security research manager.

"In all the other western countries like the U.S., France, the U.K. and Germany the number of servers are going down, whereas in Canada, for some reason, it is going up."

Canada also experienced a 53% increase in bot networks, or automated hacking networks, the only country that showed an increase in botnets over the past eight months.

Dan Hubbard, a chief technology officer, said it’s difficult to ascertain the reason behind the marked change in Canada’s threat landscape, but it may be related to the recent crackdown on cyber criminals in the U.S. organized at the federal government level. Also, hackers are probably on the move as IP addresses in China and Eastern Europe have recently undergone intense scrutiny.

The sort of attacks originating from Canada aren’t any different from what they may be in another country, said Hubbard. That said, the only difference, geography-wise, is cyber crime targeted at the banking sector. “You’re not going to go after a Russian bank in Canada,” said Hubbard. And, while cybercrime itself has not changed much across the years, Hubbard said it’s the level of sophistication that is different over time.

Just as some travellers like to tack a Canadian flag onto their knapsacks to take advantage of this country's reputation as a global good guy, the cybercriminals want to lull security systems and computers users into thinking their traffic is coming from Canada. Runald said often security systems automatically block traffic from suspect sources, but traffic from Canada isn't regarded as being in that category.

He said Canada's reputation as a safe place to do business, combined with its Internet infrastructure and high available bandwidth, makes this country a desirable hosting location. The shift doesn't mean cybercriminals are moving to Canada. The masterminds behind the cyber attacks infiltrate legitimate computers, both those of individuals and company servers, that give them a base from which to carry out their work.

In March, Symantec’s March 2011 MessageLabs Intelligence Report found that, in Canada, spam accounted for 79.4% of e-mail received, and malware accounted for 1 in 160.1 e-mails, according to the March 2011 MessageLabs Intelligence Report by Symantec Corp.

While the figures are a tad higher than the global spam rate, trends in Canada’s threat landscape have consistently followed rather closely the global rate, said Paul Wood, senior analyst for MessageLabs Intelligence with the Cupertino, California-based security vendor.

It is evident that government departments and organizations need to take proper measures to safeguard their network security to prevent cyber intrusions. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the cyber security workforce. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.

Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.

The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.