Canada New Breeding Ground For Cyber Crime

By Author: Apple Tan
Total Articles: 68
Comment this article

Cyber criminals are on the move again, and Canada is the preferred relocation haven. An American-based internet security company recently conducted an analysis of Canada’s cyber security risk profile, and all trends pointed to Canada as the new launch pad for cyber criminals. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. Hackers react by moving their networks to countries like Canada that have cleaner cyber reputations.
According to the study, Canada saw a huge increase in the number of servers hosting phishing sites, jumping 319 percent in the last year. This tremendous increase over the last 12 months is second only to Egypt in terms of the growth of sites hosting phishing – but the US is still at number 1.
"And Egypt obviously came from pretty much nowhere, so it is easy for it to have a higher percentage increase," said Patrik Runald, a senior security research manager. "In all the other western countries like the U.S., France, the U.K. and Germany the number of servers are going down, whereas in Canada, for some reason, it is going up."
“More ...
... malicious content is being hosted in Canada than ever before,” said Runald. “Cyber criminals are taking advantage of Canada’s clean cyber reputation, and moving shop. We’re seeing all time highs for both hosted phishing sites and bot networks. It is important for Canadian citizens to be extra vigilant on the Internet, taking extra precautions when clicking on links.”
Cyber criminals are moving their command and control centers to safer grounds. In the past eight months, Canada saw a 53 percent increase in bot networks. Canada is the only country that showed an increase in bot networks over the last eight months.
The report also stated that hackers may be shying away from the United States due to a series of recent cyber crackdowns. The most recent bust happened last month, when U.S. law enforcement officials seized data servers in five states believed to have been a part of the infamous "Coreflood" botnet.
Before it was shut down, the automated computer hacking network infected as many as two million computers around the world, stealing passwords and other user information in order to commit fraud and theft ranging into the millions of dollars. "We haven't really seen the same amount of activities from the Canadian authorities," said Runald.
Some 80 per cent of the servers hosting cybercrime are compromised legitimate servers. "These could be businesses, home users, anyone with a personal website, a personal blog, websites for businesses," said Runald.
He said the cyber criminals keep their work well hidden. As a result, they can control the computing power remotely while remaining undetected, particularly with individuals and medium and small businesses that don't have a security IT staff to monitor such things.
"Unless you know what you are looking for, it's really hard to find," said Runald.
The attackers can access a server to carry out their attacks by inserting tiny bits of code in a web page, as few as 50 characters in 5,000 lines of text. "All it takes is one single line of code and they can use that server for whatever they want," said Runald. "That line of code means every visitor to that website will do something the attackers want."
It is evident that government departments and organizations need to take proper measures to safeguard their network security to prevent cyber intrusions. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the cyber security workforce. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).