Cyber-crime in Canada

One Comment

Yesterday, Websense released its third annual Canadian Cybercrime Report Card, and the findings are not encouraging. Cyber-criminal activity is on the rise in Canada and it’s becoming more sophisticated.

Let’s be clear about one thing – the Websense report does not refer to .CA. It is referring to websites hosted in Canada. As the registry for the .CA top-level domain, security is our top priority at CIRA. The brand values for .CA we promote – safe, secure, trusted – are words we live by every day. And we work hard to ensure the safety and security of .CA.

Websense’s report raises a number of troubling points. Canada now ranks tenth in the world for websites hosting malware (that’s up 25 per cent over last year). There is good news, sort of. There has been a 67 per cent decrease in phishing sites hosted in Canada in the past year. Unfortunately, even with this decrease, we still rank tenth in the world. Most disturbing is the fact that there has been an 83 per cent increase in hosting advanced malware. This advanced malware is highly sophisticated and is used to target and steal corporate data.

Why has Canada become a destination for malware hosting?

The authors of the report posit that the bad actors, those that are creating the malware, do not want their malicious plans to be predictable (like they would be if they were hosted in Russia of China). Rather, Canada is considered safe and therefore trusted. Their success rates are higher if the malware originates from a trusted server in Canada than in other parts of the world.

You can access the full report here (PDF).

What does the report mean for us who live and breathe in the Internet ecosystem? Canada is not immune to malicious activity online. In fact, Canada is increasingly becoming a host for malware. While I am less than pleased that so much criminal activity is hosted within our own borders, what bothers me the most is the fact that some bad actors are taking advantage of our reputation as a safe place to host websites

Clearly, we all need to do more. The security of the Internet is the responsibility of those who use it just as much as it is for governments, registries like CIRA, and other Internet stakeholders.

Make sure your anti-virus software on your computer is up-to-date. Always install operating system updates. Don’t open attachments in emails if you don’t know the sender. For more tips on how to stay safe online, check out these tip- sheets we developed with the Ottawa-based MediaSmarts.

At CIRA, we will continue to ensure .CA remains one of the safest top-level domains in the world. That work includes partnering with other organizations (like we did with the DNSChanger virus) and implementing measures to make the .CA registry even more secure.


Share on Tumblr
  • Cristina :)

    Agree … very alarming!

    I’d like to thank you, too, because I really appreciate the 2013 Cybercrime Report Card you shared — so much could be learned even before I got to the last page. I, especially, agree with the point raised about ISPs committing to more stringent policies on screening, monitoring, and taking the bad guys offline because ISPs are among the very lifeline of the cybercrime — without a medium, the bad guys get cut off instantly.

    Something I remember, too, when you mentioned anti-virus and other security measures. I’ll just share my 2-cents worth :)

    I’ve been subscribed to Norton for years. A year ago (or so), when I added more domains to my account that sort of “brand” into one name (say,,,,, and, I noticed that when one does a search on my domain name (with their Norton Safe Web search enabled), my site comes out with a grey mark … suggesting it hasn’t been tested, yet, as a SAFE website. I had to submit my site for testing before it was finally declared safe. Only when my site passed their procedure did they give my domain the Norton golden yellow mark.

    Whereas, the Report Card indicates that cybercrime is not limited to just visiting an unsafe website, I was just contemplating on the possibility of a similar procedure wherein virtual bases that are being set up using hosts in Canada can be submitted for “testing” before they get operational (i.e., launched online). Then, when they become operational, a “re-testing” gets done automatically (say, by the ISP) to monitor malware presence … something like that. Actually, it’s but a concept based in part on the analogy of what I went through Norton to remove my site’s grey mark. Probably, not a very good analogy … but it’s a concept, nevertheless. Like I said, just my 2-cents worth :)