The Latin American and Caribbean region suffered 137 billion cyberattack attempts from January to June this year, a 50% increase compared to the same period last year (with 91 billion). For its part, Panama suffered 163 million intrusion attempts.
Mexico is the most attacked country in the region (with 85 billion), followed by Brazil (with 31.5 billion) and Colombia (with 6.3 billion).
In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies, such as ransomware. During the first six months of 2022, approximately 384 thousand ransomware distribution attempts were detected worldwide. Of these, 52 thousand were destined for Latin America.
Mexico was the country with the highest ransomware distribution activity in the period, with more than 18 thousand detections, followed by Colombia (17 thousand) and Costa Rica (14 thousand). Peru, Argentina and Brazil appear below.
Furthermore, according to FortiGuard Labs, the number of ransomware signatures has nearly doubled in six months. In the first half of 2022, 10,666 ransomware signatures were found in Latin America, while only 5,400 were detected in the last half of 2021.
“We are seeing a growth in ransomware variants, with different malicious actors and international cybercriminal groups affecting businesses across industries, governments, and even entire economies. In addition to the increased use of Ransomware-as-a-Service (RaaS) – where ransomware creators deliver ransomware to third parties in exchange for a monthly payment or a portion of the profits made – we have seen some ransomware actors offer their victims 24/7 technical support service to speed up the payment of the ransom and the restoration of encrypted systems or data”, explains Arturo Torres, cybersecurity strategist at FortiGuard Labs for Latin America and the Caribbean.
According to Fortinet, the ransomware market has become very professional in 2021, with a well-established business model. Threat actors employ independent services to negotiate data ransoms, help victims make payments, and arbitrate disputes between cybercriminal groups. The WannaCry variant, for example, has a language translator and even chat support.
The most active ransomware campaigns in the region during the first half of 2022 were Revil, detected mainly in Mexican territory, followed by LockBit and Hive. Conti ransomware, for its part, has been one of the most popular in the media due to the high impact it has recently had in Costa Rica.
“In conclusion, we are seeing a remarkable increase in the dangerousness, sophistication and success rate of cyber threats. These types of digital risks can no longer be addressed with one-off solutions or solutions that are too complex to manage, it is necessary to have an integrated platform that is simple and can prevent, detect and respond to threats in an increasingly automated way”, adds Torres.
Other highlights of the report for the first half of 2022:
· During this first half of the year, the most detected exploitation technique in the region was related to the vulnerability known colloquially as “Log4Shell”. This vulnerability allows remote complete code execution (RCE) on a vulnerable system.
· Web-based malware appears to be one of the most effective ways adversaries distribute HTML- and/or Java Script-based malware, using millions of malicious URLs as distribution channels to spread malware on the web. Once infected, victim devices can be taken over by adversaries, who can use them to commit cybercrimes such as credential theft, spam, and distributed denial-of-service attacks.
· On the other hand, a strong distribution of malware has also been observed in the region through Office documents, mostly Excel, which allows the attacker to take advantage of the vulnerability of the application to be able to execute instructions or gain access to the system.
· As we have seen throughout 2021, Mirai continues to be the most active botnet campaign in all Latin American countries. Mirai is IoT malware that causes infected machines to join a botnet used for Distributed Denial of Service (DDoS) attacks. This botnet campaign has been adapted to spread using recent vulnerabilities such as Log4Shell.
· Finally, it is important to mention that botnet campaigns such as Bladabindi and Gh0st are still very active in the countries of the Latin American region, allowing attackers to take full control of the infected system, record keystrokes, access the camera live web and microphone, downloading and uploading files and other nefarious activities.
How is this data obtained?
Through FortiGuard Labs, Fortinet continuously monitors the attack surface in Latin America and the Caribbean and, with more than 60% of the number of enterprise security appliances deployed in the region*, obtains a unique visibility in the market. Added to this are the hundreds of alliances with industry entities and security agencies to share information, which further increases access to threat intelligence and, consequently, the accuracy of the data delivered.
This unique visibility feature enables the analysis of millions of cyberattack attempts per day. FortiGuard Labs threat hunters, researchers, analysts, engineers, and data scientists analyze and process this information using artificial intelligence (AI) and other innovative technologies to mine data for new threats.
Building on these capabilities, FortiGuard Labs continuously provides the necessary IPS signatures for organizations to detect and mitigate these threats. The efforts result in timely and actionable threat intelligence in the form of security product updates and proactive threat research to help organizations better understand and defend against threats.
The FortiGuard Labs report for Latin America and the Caribbean is prepared quarterly, based on the information obtained daily in real time.
