Though there are countless studies examining the North American cyber-security landscape, few have taken a comprehensive look at what makes Canada’s fight against cyber crime unique.
No longer willing to assume that the cyber threats faced by Canadians are simply 10 per cent of those faced by Americans, security software provider Trend Micro recently produced an in-depth analysis of the Canadian threat landscape. Though the report provides as many questions as answers, the research found a number of elements that make Canada unique from the United States and elsewhere.
Malware infections, malicious IPs and ransomware
Ransomware, a malicious attack that locks users’ data until a ransom has been paid, has been on the rise over the past couple of years, at least in the U.S. Though it’s currently the leading threat south of the border, ransomware is not particularly common in Canada.
Furthermore, Canada is host to less malicious sites than most countries, with only 0.2 per cent of global traffic headed to malicious sites hosted in Canada, according to the report. With a ratio of nearly 1:1 between malicious IP addresses and malicious domains hosted in Canada, it’s clear that malicious sites are rarely hosted in Canada — though that doesn’t mean the country is immune to threats from elsewhere.
“We all hear the nice stories about small businesses in the middle of Canada having customers globally, because they can ship and take payments online,” said Mark Nunnikhoven, vice-president of cloud and emerging technologies for Trend Micro. “From a cyber crime perspective, the same is very true. You don’t have to restrict yourself to a geography; once you’re up and running you can commit crimes around the world quite easily.”
Nunnikhoven adds that it’s difficult to surmise where Canadian criminals are hosting their sites, but that malicious sites still exist in Canada despite the location of the perpetrator.
The Canadian underground
News reports in the U.S. highlight how easy it is to acquire illegal goods and services online, ranging from drugs and malicious software to hit men. Such is not the case within Canada’s underground cyber community, according to Nunnikhoven.
“What we found initially is that the comparable marketplaces in Canada are focusing more on credentials and documents and identity-focused products,” he said, adding that Canadian passports and credentials are sold for slightly less than U.S. credentials. “That raises a couple of questions for us: Is there a Canadian market for [drugs, hit men, etc.]? And if there is, are they simply getting those services from across the border?”
Nunnikhoven hopes such questions will be answered as the Canadian cyber threat landscape is studied more closely.
When it comes to cyber attacks against Canadian financial brands, it makes sense that TD Bank, which has four times the market share of its next competitor, is targeted four times as often. The outlier to the pattern, however, is Bank of Montreal, which has comparable market share with other Canadian financial institutions, aside from TD, yet is targeted nearly twice as often.
“Our banks do a very good job at cyber-security; this statistic is just simply what we’ve seen attackers targeting, but it doesn’t speak to success rates,” said Nunnikhoven. “The interesting thing is why is there is a disparity here for Bank of Montreal? And the answer is we’re unsure.”
Nunnikhoven also notes that Canadian credit card information is less valuable in the underground market. He credits a lower rate of financial cyber crime instances to stricter regulation, smaller population and the use of chip and pin technology in Canada.
Image courtesy of Free Digital Photos