Websense monitored the type of advanced malware used in the most sophisticated corporate espionage incidents and found that Canada hosts a disproportionate volume of advanced malware C&C servers, coming in ahead of Korea, Germany, Russia and even China.
Websense’s third annual Canadian Cybercrime Report Card found that overall in fact there has been a full 83% increase in C&C hosting in the Great White North. In the last year, this spike in the number of C&C servers on Canadian soil has moved Canada to the eighth spot on the current 2013 global cybercrime list.
The issue? Canada’s unassuming nature. It’s never been considered a haven for criminals in the past, making it the perfect place to hide out. "Malware authors don't do things that are predictable," said Fiaaz Walji, Websense’s Canadian country manager, in a statement announcing the findings. "They have more success with their malicious plots by disguising their transfers from a 'trusted' server in Canada, as opposed to Russia, China or other countries with established cybercriminal activity.”
In general, the country has seen a 25% increase in malware hosting (of all sorts). In the last three months, Canada claimed the No. 10 position for all countries hosting malware. Websense said that there are several reasons for this, ranging from compromised ISPs to large-scale compromises of Canadian sites built on vulnerable content management platforms like Wordpress.
Over the last two years, hackers and spammers have targeted Canada's trusted soil and servers for hosted phishing sites. But in the last year, phishing decreased by 67%. Before this starts looking like a bright spot in the findings however, consider that even with the broad decrease in phishing sites, in the first quarter of 2013, Canada was fourth on the global cybercrime list for hosted phishing sites.
"Canadian cybercriminal activity is quickly evolving and taking on more nefarious forms," said Carl Leonard, senior manager of security research for Websense, in a statement. "Hackers are moving away from the broad 'spam everyone' approach because it only yields cents on the click. They've set their sights on much more targeted attacks where social engineering of the actual user can turn into millions of dollars in potential criminal profit."