A recent report from Websense shows the alarming rate of increase in cyber crime activity in Canada. While US still stands as the major hub of hosting phishing websites, Canada occupies second place followed by Egypt. Comparing with the Opendns report published recently on top countries hosting phishing websites in 2010, Germany falls back to forth position from second.
The following are top countries hosting phishing websites in first part of 2011 (i.e., January 2011 to May 2011):
- United States
- South Korea
The intense evaluation of IP addresses in China and Eastern Europe seems to be the major reason for the shift in cybercrime activities to Canada. Canada has now jumped to #6 position in the world, in terms of hosting cybercrime, from #13 in 2010.
The anti-spam law, been introduced in Canada recently in December 2010, will come into effect from September 2011. It was the last of the G8 countries to introduce its very own anti-spam law, which addresses a number of online threats, including spyware, malware, pharming, phishing and even gives individuals the private right to sue spammers.
Your online accounts stay safer as long as your passwords are stronger and secure. However, creating stronger passwords is not enough in today’s scenario where id theft is most prevalent. Handling of passwords is equally important as of creating strong passwords. The following are few blunders made by consumers in 2010, reported in a study from Internet security firm Webroot.
- Sharing or putting passwords in feasible reach of friends, acquaintances, etc. In 2010, 14% of the id thefts were committed by the people who were well-known to the victims.
- Using same password in multiple sites or multiple accounts. Another recent research study from University of Cambridge, reported that the password reuse rate among the stolen login information from two different websites, rootkit.com and gawker.com, with identical email addresses was around 31%. If a hacker manages to steal a user’s login info and password, there’s as much as a one-in-two chance that he can procure access to other secured accounts of the user.
- Not using special characters in passwords, which makes it easy to crack through.
- The answer to the security question (which people use when they forget their password) like birth date, pet’s name, is available openly in a social networking site.
- Not using secure connections while accessing sensitive information in unfamiliar computers or WiFi at public places. Over 86% were reported doing this blunder.
- Writing down the passwords and hiding them somewhere like a desk drawer.
These were few of the top mistakes committed by users while dealing with their passwords. If you find yourself committing in any of the above, its high time to correct it.
When it comes to security issues at organizational level, it is not dealing with malware that comes first but managing employees to use web in secure and efficient way. According to a report from MessageLabs Security Safeguard, the top 10 issues faced by IT managers of American companies are:
- Time wasting online: 86% of the IT managers surveyed said that they worry about employees wasting time in social networking and similar sites, which in turn saps the productivity and discourages honest people from disciplined web usage.
- Enforcing acceptable web usage policies: 53% of the IT managers found enforcing acceptable Internet usage policies in a consistent way, a challenge.
- Monitoring web usage: Effective monitoring of web usage and generating reports was another challenging issue for 52% of the IT managers.
- Keeping security systems up to date: Updating patches for typical software like in-house web filters, policy engines, spam and anti-malware systems and signatures for antivirus database was biggest management challenge for 49% of respondents.
- Addressing Legal risks: The accidental disclosure of confidential info online (57%) and employees visiting inappropriate or offensive websites (44%) are some legal risks, which the respondents found challenging to address.
- Internet bandwidth wastage: Around 44% of the respondents were concerned about wastage of internet for non-business related purpose like video streaming, social networking sites, etc., which affects the bandwidth availability for legitimate business purposes like email, web browsing and VPN connections.
- Protecting employees working from remote and home locations: 42% of the IT managers were concerned about the possibilities of infections spread by employees working from homes and remote locations via laptops or computers, who cannot be covered under the company’s firewall.
- Access to unauthorized web applications: 42% of the respondents found it challenging to restrict access to unauthorized web applications like personal mail, IM applications, etc., through which employees can upload company’s confidential information or access to services that are outside company control.
- Malware and spyware protection: With the increasing number of threats online, protecting the network from malware and spyware was a challenge for 40% of the IT managers.
- Protecting multiple locations: Around 19% (76% among companies with 500 employees or more) of the IT managers found it challenging to protect their company’s branches in multiple locations from online threats as well as inappropriate web usage of the employees.
A recent report from Symantec declared that spam volumes in January 2011 fell to the lowest levels, since March 2009. The spam volumes seemed to drop dramatically since 25th December of 2010 and continued its phase in January. The only time that spam volumes dropped by such a remarkable extent was after the closure of McColo, a California-based ISP in 2008, for being implicated in criminal and botnet activities.
Dramatic decline in spam levels
Spam, in January 2011, accounted only for 78.6% of the total email traffic. This was a 3.1% drop since December 2010 and a significant 65.9% lower compared to same period, a year ago. However, the spam rate is still alarming with 1 in every 1.3 mails being a spam one. The fall of the spam was credited to the apparent fall in activity of 3 major botnets – Rustock, Xarvester and Lethic.
Spam levels – Country wise for January 2011
- Oman – 88.8%
- China – 84.6%
- Hungary – 83.3%
- Luxembourg – 82.8%
- Kuwait – 81.9%
- South Africa – 80.0%
- US – 78.8%
- UK – 78.7%
- Canada – 78.3%
- Australia – 77.3%
Minute increase in phishing activity
One in 409.7 emails was found to comprise of a phishing attack in January 2011, said Symantec. This was a small 0.004% increase since December 2010. Phishing levels in US were 1 in 892.8 emails. South Africa was the most targeted geography by email phishing attacks with one in 51.7 emails blocked as phishing email. Other top targeted geographies by phishing emails are as follows:
- UK – 1 in 188.6 emails
- Canada – 1 in 204.6 emails
- UAE – 1 in 247.3 emails
- Oman – 1 in 248.4 emails
Increase in new malicious domains
Symantec message labs has identified an average of 2,751 malicious websites each day, in January 2011. Around 44.1% of them were identified to be new domains, a 7.9% increase from December 2010. These websites contained malware and other potentially unwanted programs including spyware and adware. 21.8% of all malware blocked on these sites was new. Another recent report from OpenDns said that 53.8% of all the phishing websites were hosted out of US.
Though email spam has decreased in volumes, web-based malware seems to increase in both volumes and coming up with new forms. The report suggests that organizations can combat the lurking threats by a policy-based security model. It is also important for users to choose an antivirus that is proactive in detecting malware and offers real-time updates for malware database.
Unites States stands as a major hosting hub of phishing sites, according to a report from OpenDns. According to the report, more than 60,000 separate attempts came from websites hosted in the U.S.
The following are top countries hosting phishing websites in 2010:
- United States — 53.8%
- Germany — 6.3%
- Canada — 5.2%
- United Kingdom — 4.8%
- France — 3.5%
- Russia — 2.9%
- China — 2.8%
- South Korea — 2.8%
- Italy — 2.5%
- The Netherlands — 2.4%
Percentages indicate the proportion of phishing sites verified in 2010 hosted in a given country.