The Toronto-Dominion Bank was the most targeted Canadian brand by malware last year, according to a Trend Micro analysis of data gathered from customers of its products.
Senior threat researcher Natasha Hellberg wrote in a blog post this week on the Canadian threat landscape that the brand whose credentials attackers second most often attempted to capture was the Bank of Montreal, followed by CIBC.
The most prominent threat in Canada is the OpenCandy adware toolbar, she writes. “Users are tricked into installing this onto their machine, which is then used to also download malware onto it. Adware, infostealers and banking Trojans make up the balance of the commonly seen threats in Canada for the month of November 2015.”
There is one conspicuous difference between reported malware here and in the U.S.: ransomware. “Although ransomware is currently a leading threat in the US, we did not see it as a particularly common threat in Canada in November 2015.”
While Canada is not a significant host of malicious sites, she notes, the ratio of malicious IP addresses to malicious domains hosted here is almost 1:1, unlike in other countries. “This indicates that malicious domains in Canada tend to be hosted on only one IP address and don’t move around or use multiple ones at the same time, as they do elsewhere.”
As for the location of attacks, they overwhelmingly originate from the U.S. However, because attackers can place command-and-control software anywhere around the world, I’m not sure that’s a reliable number.
Finally, the report notes that while it is not as large or well-developed as other underground communities, there is a viable underground community here. “Unlike the US underground, it is primarily focused on the sale of fake/stolen documents and credentials. This includes both faked identification, such as driver’s licenses and passports, as well as stolen credit card and other banking information. It also includes credit “fullz” (complete dumps of an individual’s personal information), which include an individual’s credit reports and even their Apple ID credentials.”
And here’s what someone would have been charged recently:
The report also notes that criminals are charging more for Canadian credit and debit card data than for comparable American information, perhaps because cards here include chip-and-PIN technology that makes them harder to use.