By any measure, the launch of CIRA Canadian Shield was a big success. While we knew a large percentage of .CA domain name holders and our cybersecurity customers would be interested in the service (we do our research too), we weren’t entirely sure what the rest of Canada would think.
Well, Canada answered the question loud and clear: they like it. Through the media articles, Reddit threads, blogs and tweets, we now have more than 80,000 active Canadian users of CIRA Canadian Shield. If you have been sitting on the fence, what are you waiting for – get set-up instructions here.
Protecting workers at home
Most Canadian Shield users are signing on to the “Protected” tier, which includes malware and phishing protection. With a record number of Canadians working from home right now, it makes sense that a free layer of cybersecurity protection would be popular.
Why is that you ask? For example, when Walmart announced its plan to turn parking lots into drive-ins, almost instantly, hackers began typo squatting. Zoombombing became a thing as soon as the service got popular, and, of course, phishing sites began using COVID-19 terms in their scams. Hackers love a crisis.
We saw a made-in-Canada version of this phenomenon the day after Prime Minister Trudeau announced plans for the government’s COVID-19 tracker app – hackers set up fake sites phishing for anxious Canadians to click and download ransomware thinking they were getting the real-deal. Here are a few other stats:
- The FBI has reported a 3-4x increase in cyber crime.
- Cloudflare reported a 37 per cent increase in attacks.
- Beauceron Security reported a 250-250 per cent increase in ransomware related scams
- CIRA saw a 39 per cent increase in threats being blocked at our hospital customers.
The typical Canadian Shield user
The typical user of CIRA Canadian Shield leans on the more technical side. It is simple to set-up, and we will continue to educate Canadians to take the time to consider their security and privacy, but the reality is that the more technical people are paying more attention to the risks.
Based on our user survey of early adopters, they are also mostly deploying it at the router and therefore are likely protecting less-technical family members.
So we decided to analyze the blocks on the service after the first three months to see what we could find out. For this analysis, we also removed the following users:
1) Those with huge query volume that can’t possibly be households. We don’t rate limit or block high volume users but the service is intended for Canadian households.
2) Those queries that didn’t originate in Canada. Over the last 30 days we resolved over 115 million queries per day from Canada, 10 million per day from the USA, and 160 thousand per day from the UK (to count the top three countries only). CIRA Canadian Shield is an open recursive service, so this was expected.
3) Infected machines. A LOT of blocked traffic originates from infected devices that just spam malware and malicious queries all over the place. This is a bit frustrating because CIRA Canadian Shield is a private service giving us no way to inform the user (because we don’t know who they are).
CIRA Canadian Shield users are 5x more likely to have a DNS query to a malicious site blocked by Canadian Shield while at home than they are at work
So what did we find?
1) Most of our users access the Protected service (70-90 per cent). The next popular tier is Family with a range of 5-20 per cent, followed by Private at 5-10 per cent. The reason for the ranges is that users add and remove the service almost daily, so the numbers fluctuate.
2) In an average 24-hour period, we see 3,534 lookups per user. If that seems high, you should know that no matter how many websites you visit per day your devices are likely doing hundreds of queries that you don’t know about. This includes things like smart speakers, lights, TVs, vacuums, etc. Secondly, many websites actually perform dozens of separate lookups per page as they access ad servers, analytics packages and other scripting services.
3) The average Canadian Shield user sees one malicious website block per day. We estimate our users based on the number of unique addresses visiting the service (since the service is private and we don’t capture user data). One block per user per day is actually a pretty high number when you consider it. Remember, it’s an average, so some people might be seeing a dozen blocks while others get none.
4) The difference between home and office use is stark. On our paid CIRA DNS Firewall service used by organizations, we typically see 0.2 blocks per user per day on non-educational networks. Our CIRA Canadian Shield users are averaging five-times more blocks per day than typical corporate use. Of course, there are other factors that might make a corporate environment more secure (such as additional layers of protection), and we have to assume that people are less likely to be engaged in risky behaviour at work.
5) And finally, a word on DNS encryption. It is a subject that I particularly love but that most Canadians don’t seem to know much about yet. Among our users, we peaked at 0.47 per cent of users implementing DNS over HTTPs (DoH) and 1.61 per cent using DNS over TLS (DoT) in a single day last month. Based on this breakdown, I suspect many of the DoT users are those who are using their own recursive resolvers at home and forward to us. For these people, the benefits of DoH are pretty small since they already have some DNS privacy by virtue of running their own software. If you don’t know what I am talking about – it is technical but I hope one day ubiquitous.
To conclude, CIRA Canadian Shield is seeing amazing up-take by Canadian households and it is delivering on its promise to help deliver a more trusted Canadian internet. The more people that surf safely the more we are all protected.