Last week I had the opportunity to speak at the Security Education Conference Toronto 2013 (SECTor). I love Canada; Toronto is an amazing city, and the conference was excellent.
During my session at the conference I discussed the threat landscape in Canada, based on data from various volumes of the Microsoft Security Intelligence Reports. Canada’s malware infection rate (CCM) has been consistently lower than the worldwide average for several years, as seen in Figure 1. Canada’s malware infection rate increased (almost doubled) in the first quarter of 2013 (1Q13). Despite this increase, the malware infection rate in the United States, which saw a similar increase, was almost double Canada’s in the same time period. The infection rates in the United Kingdom and France were lower than Canada’s in the first half of 2013, which isn’t unusual.
Figure 1: The long term malware infection rate in Canada
Although Canada has enjoyed a relatively low malware infection rate, the types of threats encountered by technology users in Canada aren’t benign. As seen in Figure 2, Trojans, Exploits, and Trojan Downloaders and Droppers have been the most prevalent threat categories encountered in Canada for the past four quarters. Although Trojans are prevalent in many parts of the world, the relatively high levels of Exploits and relatively low levels of Worms contrast with many of the other parts of the world I have written about recently.
Figure 2: Threat categories encountered in Canada
The top ten threats encountered in Canada in 2Q13 are listed in Figure 3. Take note of the exploits in the list. The exploits encountered most in Canada in 2Q13 included CVE-2012-1723 and CVE-2013-0431, both of which are vulnerabilities in Oracle’s Java Runtime Environment, as well as Blacole, an exploit kit that attempts to exploit vulnerabilities in Adobe, Microsoft and Oracle products. The best defense against these exploits is to run the most recent version of all software and keep all of your software up-to-date with security updates. Remember, systems can have multiple versions of Oracle Java running on them, all of which need to be kept up-to-date.
Figure 3: The top ten threats encountered in Canada in 2Q13
I mentioned earlier in this article that Canada’s malware infection rate almost doubled in 1Q13. This sharp increase was due to the increase in detections of two specific threat families in Canada. These two families are Win32/Sirefef (a rogue security software family distributed under the name Antivirus 2010 and others) and Win32/Alureon (a data-stealing Trojan). Running anti-malware software from a trusted vendor and keeping systems up-to-date with security updates are two effective ways to defend against these threats.
Figure 4: Malicious website statistics for Canada
Attackers typically leverage compromised systems to host web-based attacks in the hopes of compromising more systems. Although Canada has a malware infection rate consistently lower than the worldwide average, there have been periods where the levels of malicious websites hosted in Canada have been above average, as seen in Figure 4.
Keeping all software up-to-date, including Microsoft, Adobe, Oracle Java, and other vendors’ software, will help protect systems in Canada against the relatively high levels of exploits users are encountering there. Installing anti-malware software from a vendor you trust and keeping it up-to-date will help defend against the Trojans and other threats that we see in Canada. Some anti-malware software options are available on Microsoft’s security partner webpage. Microsoft offers Microsoft Security Essentials to consumers for free, and Windows 8 comes with full anti-malware software, called Windows Defender, installed by default.