Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity

According to Websense, Canada has been seen as a prime target to move cybercrime operations into their network infrastructure. Here is a summary of Patrik Runald's blog and the complete post can be found here.

Jump in Hosted Phishing Sites - A 319% increase in the last year. The various site locations are shown here.
Increase in Bot Networks – Over the past 8 months, a 53% increase of bot Command and Control (C&C). When compared to the U.S., France, Germany and China, Canada is now 2nd for hosting bot networks.
Malicious Websites - Websense noticed a decline of malicious website, however, this decline is moving at a much slower pace in Canada
Overall Increase in Cybercrime - In the 2010 Websense Threat Report, Canada was #13 and is now #6 in 2011.

Have you noticed an increase in cybercrime activity from web servers hosted in Canada?


[1] http://community.websense.com/blogs/websense-insights/archive/2011/05/05/the-next-hotbed-of-cyber-crime-activity-is-canada.aspx
[2] http://www.websense.com/content/threat-report-2010-introduction.aspx?cmpid=prblog
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

411 Posts
ISC Handler
Could this have anything with savvis.net blocking access to my server from Europe. (All other access also appears to be blocked.) Staring about the time this posting came out my network block 69.70.44.0 started being routed to trl-pos-0-3-2-0.chicago.savvis.net [204.70.192.101] and no further. Attempts to contact both savvis.net and my ISP have been unsuccessful.
Bill

2 Posts Posts
I am happy to report the problem has been traced to a broken line drop. Timing was co-incidental with the posting. It appears my ISP entirely stopped routing my netblock when the connection went down. savvis.net being the next hop back was the last reachable address. I will be following up when I return from Europe.
Bill

2 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!