As the association of Eastern European and Chinese IP addresses with cybercriminals has led to blacklisting of addresses from those countries, the crooks are moving their sites to North America – in droves.
A new report from security firm Websense finds strong evidence of this alarming new trend.
“Things are getting worse, not better,” said Patrik Runald, director, security research, Websense Labs.
In Canada, we found an 170% increase from last year in phishing sites being hosted on Canadian servers, making Canada number two in the world for hosted phishing sites.” But that pales in comparison to the U.S., which saw a 300% increase and is now the top country in the world for these sites, by far. “A lot more malicious content is now based in western, first world countries today,” Runald said. “Typical suspects 2-5 years ago were in eastern Europe which is dropping off because they developed a shady reputation. So traffic to and from servers in say Ukraine, were simply blocked by some admins, and vendor security products took location into account, making traffic from these countries much more likely to be blocked. So the operators of these sites moved to countries where traffic goes commonly, like the U.S. and Canada, where it is much harder to block for security reasons.”The same trend is also showing up with Bot networks, and with malicious URLs.
Canada saw a 39% increase in Bot networks this year, which Runald said was pretty average, especially when compared to the U.S. jump of 450% in the same category.
“This stat doesn’t mention the scale of the Botnet being used, and we are finding that 8-12 servers is now about average,” Runald said.
Malicious website increase was also high this year — about 300% in the U.S. and 239% in Canada.
“This was an amazing jump across the board,” Runald said. “And it s the most dangerous catagory because you don t have to click on anything to get infected. This is also a moving target, as are Bot networks, while phishing is more static in the way it works.”
Runald said the security vendors are generally able to cope because they do have massive amounts of data to work with. Websense alone has 3.5 billion pieces of data they scan every day.
“But the fact the numbers are going up quite dramatically is a worrying trend because there s more to deal with,” he said. “This is new. In 2010 and 2011 we did not see this kind of jump.”
Runald suggested that increasing criminal penalties for these kinds of crimes could have a significant impact.
A new report from security firm Websense finds strong evidence of this alarming new trend.
“Things are getting worse, not better,” said Patrik Runald, director, security research, Websense Labs.
In Canada, we found an 170% increase from last year in phishing sites being hosted on Canadian servers, making Canada number two in the world for hosted phishing sites.” But that pales in comparison to the U.S., which saw a 300% increase and is now the top country in the world for these sites, by far. “A lot more malicious content is now based in western, first world countries today,” Runald said. “Typical suspects 2-5 years ago were in eastern Europe which is dropping off because they developed a shady reputation. So traffic to and from servers in say Ukraine, were simply blocked by some admins, and vendor security products took location into account, making traffic from these countries much more likely to be blocked. So the operators of these sites moved to countries where traffic goes commonly, like the U.S. and Canada, where it is much harder to block for security reasons.”The same trend is also showing up with Bot networks, and with malicious URLs.
Canada saw a 39% increase in Bot networks this year, which Runald said was pretty average, especially when compared to the U.S. jump of 450% in the same category.
“This stat doesn’t mention the scale of the Botnet being used, and we are finding that 8-12 servers is now about average,” Runald said.
Malicious website increase was also high this year — about 300% in the U.S. and 239% in Canada.
“This was an amazing jump across the board,” Runald said. “And it s the most dangerous catagory because you don t have to click on anything to get infected. This is also a moving target, as are Bot networks, while phishing is more static in the way it works.”
Runald said the security vendors are generally able to cope because they do have massive amounts of data to work with. Websense alone has 3.5 billion pieces of data they scan every day.
“But the fact the numbers are going up quite dramatically is a worrying trend because there s more to deal with,” he said. “This is new. In 2010 and 2011 we did not see this kind of jump.”
Runald suggested that increasing criminal penalties for these kinds of crimes could have a significant impact.
As published in ConnectIT News
By: Mark Cox
Make sure that your information is secure! Check out our selection of Internet Security products by visiting our website at: Norton Internet Security Software