Fiaaz Walji (Canada) - Cyber Criminals Move Operations to Canada - 300 % Increase in Hosted Crimeware

As a Canadian, I was surprised to hear that cyber criminals are moving their operations to Canada, a country known for global citizenship, hockey, and great beer! But a recent analysis of Canada's cyber security risk profile clearly pointed to Canada as the new hot launching pad for cyber criminals.

Why? Partly because of our squeaky-clean reputation. IP addresses in China and Eastern Europe are highly scrutinized and undergo intense evaluation and filtering. So hackers are reacting by moving their networks to Canada. Given Canada's great internet infrastructure, bandwidth and clean cyber slate - it makes for an ideal host. Apparently, the word is out, and the ‘bad guys' are infiltrating legitimate computers across all provinces. The PCs in our homes and businesses are being remotely controlled and making Canadians unknowing cyber crime hosts. As a result, Canada's ranking for hosting cyber crime has dramatically increased from #13 in 2010 to #6 in 2011.

Websense took a deeper look and found all-time highs for both hosted phishing sites and bot networks. In the past 12 months, Canada saw a huge increase in the number of servers hosting phishing sites, jumping 319 % in the last year. This huge increase is second only to Egypt in terms of growth. In a recent analysis looking at the 10 top countries that host phishing sites between January and May 2011, Canada ranked number two, with our neighbors to the south taking the number one spot. The rest of the top 10 list is populated by Egypt, Germany, UK, Netherlands, Russia, South Korea, France, and Brazil.

In the past eight months, Canada also saw a 53 % increase in bot network activity. When compared to the countries I just listed above, Canada is the only country that showed an increase during that time. This further confirms that cyber criminals are moving their command and control centers to safer grounds here in Canada.

So what can you do to protect your business?

1. Protect outbound and inbound channels - Implement a technology that inspects and controls content over the web and email, your two primary communication channels. In today's borderless enterprise, it's not enough to defend against threats coming from outside your perimeter (a quaint concept in the mobile world). An effective solution must stop modern malware and provide visibility and control of corporate information both coming in and going out of an organization.

2. Understand what data is important to you and how you want to protect it. Understand what is important for your business, and what damage it would cause if it went missing. Implement an effective data loss prevention solution, so even if the bad guys get in, that doesn't mean they can walk out with your data. DLP solutions have been expensive and complex in the past, but now you can get channel-specific DLP (for email and web traffic) that will cover the majority of your needs at a very reasonable cost.

3. Make sure your enterprise is content-aware and content-secure. Blended and data-stealing attacks are on a meteoric rise. Mid-sized and large enterprise businesses (not to mention all of the government agencies) need a content security solution that identifies, classifies, and understands content on the fly - wherever it travels. Content security is crucial for defending against modern threats, which are written and tested to bypass traditional perimeter and endpoint security. It helps protect it from attack, theft, and misuse.

And, if you're a consumer, make sure you set your computer programs to automatically update. Cyber criminals go after the computer programs that you frequently use (i.e., Acrobat Reader, Flash) and find flaws that they can take advantage of. When a hole is discovered, developers put out a patch. Keeping all of your programs patched and updated regularly will help keep your computer a little healthier.

Also, be extremely wary of what you click on. Don't always trust the links your friends post on your Facebook wall or the search results that pop up on search engines. Cyber criminals are consummate imitators. So, don't click on every link that shows up on your Facebook page or Twitter stream.

Lastly, we have to protect our websites from becoming malware targets. Recent research shows that close to 80 % of malicious websites are legitimate sites that have been compromised. Basically, anyone with a personal website, blog or a business website could be hosting cyber criminal activity. Perform a code review to make sure that your websites aren't susceptible to SQL Injections, a common method for compromising sites.

Keep it safe Canada. By following these steps, we are one step closer to knocking cyber crime out of Canada's "most known for list" and putting hockey front and center once again. Go Habs!

By Fiaaz Walji, Canadian Country Manager, Websense



« Thomas Senger (UK) - Urban Myths: Will the Ultimate Goal of the Paperless Office Ever be Achieved?


Belinda Yung-Rubke (US) - Grocery Shopping and Application Performance Management »

Recommended for You

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Amazon Cloud looms over China: Bezos enters Alibaba home ground

Lewis Page gets down to business across global tech


Do you think your smartphone is making you a workaholic?