Last month we released an exciting, new addition to our Cybercrime Underground Economy Series that focuses on North America: “North American Underground: The Glass Tank.” That report was our first detailed look into the cybercrime underground in both the United States and Canada.
In looking at activity in both the United States and Canada, though, it can be hard to see the ways in which Canadian cybercrime and the cybercrime underground differ from those in the United States. Because of that, we’ve just released a supplement by one of our Canadian threat researchers, Natasha Hellberg, that focuses exclusively on Canada: “What About Canada, Eh? – The Canadian Threat Landscape.” In this supplement we give a unique view into the current threats and threat trends affecting Canada (and only Canada) from a Canadian perspective.
In the report we find that Canadian threat trends are related to but different from those in the United States. For instance, just like in the United States, there is a cybercrime underground in Canada. But the Canadian cybercrime underground is smaller and focuses primarily on trafficking in counterfeit and stolen documents and credentials.
Another thing that characterizes the Canadian underground is the absence of certain goods or services that we see in other undergrounds, particularly that of the United States. For instance, we see a decided lack of offerings for malicious hosting services, toolkits and other attack tools, and violent crime offerings. In the case of malicious hosting services and toolkits, it seems that other cybercrime undergrounds (like that of the United States) fill the market need sufficiently. In the case of a lack of violent crime offerings, this may reflect the fundamental cultural and political differences between the United States and Canada when it comes to violence and crime.
It’s worth noting that the predominance of the United States in offering malicious hosting services in North America also means that the United States is the biggest exporter of malicious activity to Canada. As our researcher notes, attacks against users in Canada come from sites hosted in the United States more than from any other country, by a very significant margin.
In terms of the threats that Canadians face, by far the most significant threat we’ve seen recently is from the OpenCandy adware toolbar. As is typical of adware, this is not just a threat in itself but can also be used by attackers as a means to get other threats onto compromised systems. In terms of malware, DRIDEX, the notorious online banking malware, is currently the top malware affecting Canadians. One piece of good news, though, is that Canada is relatively unaffected by the recent resurgence in ransomware that has plagued so much of the world, especially the United States.
Of course, if you’re going to target Canadians’ credentials for sale on the Canadian cybercrime underground, that means you’re going to target Canadian brands. We’ve listed the Canadian brands that are most targeted by malware targeting Canadians. Unsurprisingly, the top five targeted Canadian brands are the top five banks in Canada. Interestingly, though, while Royal Bank of Canada (RBC) is the largest bank in Canada, it’s at the bottom of the list of targeted banks at number five. Toronto-Dominion Bank, Canada’s number two bank, is the top targeted brand, with Bank of Montreal, Canada’s number four bank, the second most targeted brand. Banks clearly dominate the targeted brands, with the top 14 targeted brands all being Canadian financial institutions. It’s only at number 15, with Koodo Mobile, that we see a Canadian brand that’s not a financial institution being targeted. Rogers, another Canadian communications company, rounds out our list of top targeted Canadian brands at number 16.
There are more details in the full posting on our Security Intelligence blog. And for a full picture of all of the North American underground, you can read the full report “North American Underground: The Glass Tank” as well.
This supplement gives us one of the fullest, exclusive views into the Canadian threat landscape and cybercrime underground yet. It shows how Canada’s unique national character is reflected in its unique cybercrime underground. It also shows how Canada’s largest neighbor, the United States, has a significant impact in shaping both the Canadian cybercrime underground and threat landscape. For those who are Canadian (or wish they were) or want to understand Canada’s unique place in the global cybercrime underground, this supplement is an important read as part of our overall Cybercrime Underground Economy Series.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.