Be careful what you phish for
- — 18 October, 2007 09:21
As technology continues to evolve, so do malicious attacks that are often associated with the Internet. According to some industry insiders, Canadians aren't aware of or taking these problems and attacks seriously enough.
A noted from Symantec's most recent semi-annual Internet Security Threat Report (ISTR), Volume XII, covering the period from January 1 to June 30 of this year, the country hosting the most phishing sites is the United States at 59 per cent, while Canada ranked in seventh place with just two per cent.
Dan Hubbard, vice-president of security research at Websense, says that where phishing Web sites are hosted isn't all that important from an attack standpoint.
"Canadians can be lured to Web sites that are being hosted in China or the U.S. as well as other places," Hubbard says. "Where the Web sites are hosted doesn't really matter. If you look at the number of users online and the amount of ISPs in the U.S., the U.S. dwarfs Canada because the sheer volume in the U.S. is bigger."
He explains it's hard for the U.S., especially its financial industry, to protect itself against phishing sites using a unified solution because there are so many more banks in the U.S. than there are in Canada.
"In the U.S., there are literally tens of thousands of banks all over the place, whereas you contrast that to Canada, and there are only five major banks," Hubbard said. "Because there are smaller groups of banks in Canada, it's much easier for them to standardize on a solution."
Michael Murphy, vice-president and general manager of Symantec Canada, says most of these Internet attacks are profit-driven.
"Attackers try to lure [people] outside of their trusted Web sites to go outside of a safe environment to a compromised one," Murphy said. "In many cases, attackers are compromising trusted entities such as well-known Web sites and financial Web sites to target users."
Websense Security Labs analyzes and investigates advanced Internet threats and Web sites on a 24 x 7 basis. Hubbard says weak infrastructures and poor take down practices are the factors that usually contribute to crimeware and other malicious activities.
Rosaleen Citron, chief executive officer at WhiteHat, an information technology security provider and also a reseller of third-party software and hardware products, says attacks and phishing threats in Canada is a serious problem.
"In the U.S. and Canada, 95 per cent of phishing attempts use financial Web sites," Citron said. "No one teaches anyone the rules of engagement when it comes to the rules of the Internet. If you're going to do any business over the internet, learn. People need to realize it's their brand being affected."
Hubbard says in addition to financial Web sites, those such as eBay and PayPal are also some of the top sites being phished. The online gaming space is another area that attackers are also using to seek out financial gain, in addition to the e-greeting card and Web 2.0 spaces.
The only way to protect yourself, says Hubbard, is to become aware and educated.
"On the consumer side, get a firewall on your computer and don't click on links you don't know," he says. "There are also simple banking practices to learn and most importantly, you want to make sure you're covered and that policies are in place."
Citron also adds that making sure that spam filters and spyware applications are in place will help with prevention.
Fiaaz Walji, country manager for Websense in Canada, says partners need to be sure they're being proactive when securing their customers.
"You can't afford not to have these kinds of solutions in place," Walji said. "From a Canadian perspective, we have five folks in the field now. We have about 100 partners in Canada and when you multiply that out by their offices and sales folk, you have quite a bit of reach here in Canada. We want to educate people on the dangers of these attacks because there is not enough awareness out there."
Websense also has a North American partner program to help support its partners and Walji says it's in everyone's best interest to want to work with the company.
"Partners want to provide the best solution to their customer," Walji said. "We're flexible with our partners, we have great support, sales and technical training and we also have high double-digit margins for our partners. All of the customers I've dealt with are pleasantly surprised when they see the amounts of money they can make. We haven't had any complaints from our partners when it comes to our margins."