Mexico is a target of cyberattacks. Along with Brazil, the country competes for first place among the Latin American countries that receive the most cyberattacks. In the region, the number of cybersecurity incidents suffered by ordinary people, companies and governments has multiplied by 10.
While the International Telecommunication Union placed Mexico 11 places higher in 2021 than in 2019 in its ranking of the level of cyber protection of more than 150 countries, analyses by several cybersecurity companies show that the country's situation has not improved much compared to previous years. According to data from Fortinet, Mexico ranked first among cyberattack targets in Latin America in the first half of 2021, ahead of Brazil, Peru and Colombia.
The first Cybersecurity Report of the Internet Association in Mexico (AI.mx) is not promising either. According to this study, carried out by the organization that brings together internet-related companies in Mexico, half of internet users said they had been victims of a breach in the most recent 12 months. The main effects reported by the people attacked were:
- Information theft
- Fraud and financial loss
- Sensitive information leak
- Identity theft
Neither the public sector, nor the private sector, nor the general public was spared in 2021 from having to deal with security incidents and cyberattacks that could affect their reputation, their credibility and even their finances. According to Kaspersky, in Mexico there are 299 malicious infection attempts per minute, many of which manage to penetrate the barriers with which the government, companies and individuals try to protect their information and identity.
Ransomware, the class of attacks that seek to hijack the information or infrastructure of a target and then demand a ransom, consolidated and became more sophisticated and lucrative in 2021. While 2020 was characterized by massive ransomware attacks that sought to hit the largest possible number of users, the strategy changed in 2021.
Many of these attacks had precise targets within public and private institutions, through which cybercriminals were able to access privileged information and infrastructure.
Perhaps the most representative example of this type of attack in 2021 was the one suffered by the US pipeline operator Colonial Pipeline.
The hijacking of the company's infrastructure forced it to interrupt its operations for several days, which caused gasoline shortages in different parts of the United States. The company paid $5 million to have its infrastructure released.
In Mexico, something similar happened to the National Lottery. The institution in charge of conducting games and draws in Mexico was the victim of the second ransomware attack against an institution of the government of Andrés Manuel López Obrador; the Avaddon ransomware operators stole information from the agency's administrative area and demanded a ransom for it. The cybercriminals made various documents of the institution public as part of a strategy to extort money from their victims, a technique that became common in 2021.
Credential theft and remote attacks
The National Lottery was not the only Mexican government agency affected by cyberattacks. The Inai, the autonomous body that guarantees transparency and personal data protection, suffered more than 27 million security incidents in mid-2021.
The most recent version of the National Transparency Platform (PNT), which is administered by Inai, was the target of this series of attacks that aimed to gain control of the platform to take advantage of its resources.
According to the cybersecurity firm ESET, attacks on the Remote Desktop Protocol, with which cybercriminals seek to gain control of their victims' infrastructure remotely, increased 704% in Mexico, which makes them the type of attack that grew the most in the country.
In the case of Inai, the attacks against the National Transparency Platform were brute-force attacks to control the platform's infrastructure. Other types of remote attacks, which in many cases escalated to ransomware attacks, can also be carried out through targeted phishing or spear phishing, that is, deceptions aimed at specific people whose credentials can help access information, or through the exploitation of a vulnerability, according to the cybersecurity company Mnemo, in collaboration with Microsoft.
For example, in March 2021, Microsoft warned on its security blog of the exploitation of a vulnerability in its Exchange Server software on its customers' on-premises servers. In Mexico, up to 10,000 companies could be affected by this vulnerability.
According to a Citrix analysis, 60% of Mexican companies said they had suffered a cyber attack in the most recent year.