As the association of Eastern European and Chinese IP addresses with cybercriminals has led to blacklisting of addresses from those countries, the crooks are moving their sites to North America — in droves.A new report from security firm Websense finds strong evidence of this alarming new trend.
“Things are getting worse, not better,” said Patrik Runald, director, security research, Websense Labs.In Canada, we found an 170% increase from last year in phishing sites being hosted on Canadian servers, making Canada number two in the world for hosted phishing sites.”But that pales in comparison to the U.S., which saw a 300% increase and is now the top country in the world for these sites, by far.
“A lot more malicious content is now based in western, first world countries today,” Runald said. “Typical suspects 2-5 years ago were in eastern Europe which is dropping off because they developed a shady reputation. So traffic to and from servers in say Ukraine, were simply blocked by some admins, and vendor security products took location into account, making traffic from these countries much more likely to be blocked. So the operators of these sites moved to countries where traffic goes commonly, like the U.S. and Canada, where it is much harder to block for security reasons.”
The same trend is also showing up with Bot networks, and with malicious URLs.Canada saw a 39% increase in Bot networks this year, which Runald said was pretty average, especially when compared to the U.S. jump of 450% in the same category.”This stat doesnt mention the scale of the Botnet being used, and we are finding that 8-12 servers is now about average,” Runald said.
Malicious website increase was also high this year — about 300% in the U.S. and 239% in Canada.
“This was an amazing jump across the board,” Runald said. “And its the most dangerous catagory because you dont have to click on anything to get infected. This is also a moving target, as are Bot networks, while phishing is more static in the way it works.”Runald said the security vendors are generally able to cope because they do have massive amounts of data to work with. Websense alone has 3.5 billion pieces of data they scan every day.
“But the fact the numbers are going up quite dramatically is a worrying trend because theres more to deal with,” he said. “This is new. In 2010 and 2011 we did not see this kind of jump.”
Runald suggested that increasing criminal penalties for these kinds of crimes could have a significant impact.
“I don’t know why we arent doing it, but to be fair, no one else is either. I don’t think we are sending the right message here. Very often, they just get a slap on the wrist and get to go home. The Feds are doing a good job in cracking down, but it’s a drop in the ocean compared to what’s going on.”