Canada is becoming a harbour for cybercrime as hackers move their operations away from servers in China and eastern Europe, according to a report from the U.S.-based security firm Websense.
There was a 319 per cent surge in the number of Canadian servers hosting phishing sites in the last 12 months, even as most countries saw their numbers decrease, suggests a new report from Websense, which is based in San Francisco and has offices in Toronto, Ottawa, and Montreal.
Canada now finds itself second on the list of countries that host the most phishing sites, which attempt to trick users into handing over their personal information, passwords or banking data.
The number of bot networks — large numbers of infected computers that can be controlled by hackers remotely and used for malicious purposes — also rose by 53 per cent in Canada in the last eight months.
Canada is sixth worst on Websense’s overall list for hosting all types of cybercrime exploits, compared to 13th last year, said Patrik Runald, the company’s senior manager of security research.
“That doesn’t mean the bad guys are in Canada, it doesn’t mean the affected users are in Canada, but it means the Canadian infrastructure is being used to attack against someone in the world,” Runald said in an interview.
Hackers have been moving their operations away from foreign servers because network administrators could identify suspicious traffic originating from those places and minimize security threats, Runald explained.
“In the past they’ve hosted a lot of it in eastern Europe — Lithuania, Ukraine and Turkey — and we’ve seen it shift to where they’re now trying to host this content on servers in countries with better (security) reputations … and therefore their attacks will be more successful because obviously you can’t (just block all) Canadian websites from Canadian users.”
In most cases, network administrators have no idea that there’s illegal rogue content hiding on their servers and it’s only detected when someone reports it, Runald said.
“About 80 per cent of (the cybercrime scams) are on compromised legitimate web servers, web servers that are used for something else like hosting a website for a company, or for a home user for a blog,” he said.
“The attacks we’re tracking today are so advanced they’re really hard to find unless you know exactly what you’re looking for.”
Most hackers continue to prefer servers in the United States for their attacks, but recent investigations there may have contributed to the rise of cybercrime in Canada, Runald said.
“We haven’t seen too many (high-profile busts) in Canada and maybe that’s part of the reason why they’re looking at Canada to be a place to host all of their content,” he said.
“Some of the high-profile takedowns that have happened in the U.S. in the last few months had been in place for over 18 months. So since this trend is reasonably new in Canada we might not see — even if authorities start working on it right now — the effect for another 12 to 18 months.”