Cyber Criminals Are Targeting Latin America

In the last ten years, Latin America has changed from an analogue region to a predominantly digital one. But as its companies and governments speedily embrace the Internet, cyber security, as in most regions of the world, is almost ignored. The number of Internet users in Mexico, for instance, has grown by 13.4% annually since 2006, compared to a 3.3% annual increase in the United States.

At the same time, the US spent considerably more on security solutions than all of Latin America combined, a discrepancy that experts anticipate will only widen in the coming years.

This dangerous combination of burgeoning networks and relatively lax cyber defences has, unsurprisingly, attracted the attention of sophisticated online threat actors, who are now targeting the region with advanced attacks. This has accelerated in recent months, with the Latin American region bombarded by a range of threats, from stealthy Trojans and silent PowerShell attacks to subtle cloud-based threats.

Cyber-criminals are constantly innovating to compromise the personal information and intellectual property of the region's 630 million increasingly digitised residents. Safeguarding them will require a new approach to digitisation — one that places cyber security at the very heart of the corporate network.

Polymorphic banking Trojan
At a Latin American financial services company, a corporate desktop was seen downloading an EXE file from a rare external hostname. Following this download, the device generated multiple failed authentications with the credential "administrator", an English word not frequently used in Spanish-speaking countries. The device then started sending rare EXE files with numeric names internally via SMB, and a few minutes later multiple devices began beaconing to rare destinations never before seen in the network.

This type of activity is atypical for the company's particular users, devices, and network. A subsequent analysis revealed that it was a live copy of the polymorphic Emotet banking Trojan. While Emotet is notoriously difficult to spot with signatures, cyber-security approaches based on AI are able to learn a company's normal activity, allowing them to recognise Emotet's key behaviours as abnormal.

PowerShell Attack
Elsewhere in Latin America, a desktop was seen downloading a Python script from a rare location in Malaysia. Neither the desktop in question nor any other internal device had ever connected to the external destination before, an early indicator of a cyber-threat that signature-based security tools would have missed.

The script was downloaded from a domain that included apparently legitimate strings like "windows", but which was in fact not associated with Microsoft or other legitimate organisations.

Following the download, the device initiated an HTTP connection with the external destination using PowerShell, whereupon multiple company devices started communicating with this rare destination. But while this type of disguised attack has become popular among threat actors as a result of its ability to bypass traditional detection systems, the ability to detect anomalous network activity can help Latin American companies mitigate these threats.

Compromised SaaS
At an international financial services firm based in Latin America, a Microsoft Office 365 user account that regularly authenticates from known Latin American locations suddenly started exhibiting unusual activity, authenticating many times from a rare IP address in Asia-Pacific. This is another situation that could be flagged by systems capable of anomaly detection, since the business has few ties to the Asia-Pacific region. This early detection of anomalous credential behaviour revealed a breach in the use of the corporate SaaS service, a breach that could have escalated to compromise other Office 365 users had the firm not caught it in its nascent stage.
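The three cases above share one detection logic: a destination, a credential pattern, a file name or a sign-in location that the organisation's own baseline has never contained. The following Python is an added illustration of that baseline-rarity approach, not code from the article or from any vendor it describes; all device names, hostnames, accounts and events are constructed.

```python
# Added illustration (not from the article): a baseline-rarity detector of the
# kind the three cases above describe. All names, hosts and events are constructed.
from collections import Counter, defaultdict

# Constructed learning-window baseline: (device, destination) pairs seen normally.
BASELINE = [("desk-01", "updates.vendor.example"), ("desk-02", "mail.corp.example"),
            ("desk-03", "mail.corp.example"), ("desk-01", "mail.corp.example")]
# Constructed baseline of countries each SaaS account normally signs in from.
BASELINE_GEO = {"user.a@corp.example": {"MX", "BR", "CO"}}

# Constructed new events: (timestamp, actor, kind, value).
EVENTS = [
    (100, "desk-01", "download", "windows-upd.cdn.example"),  # never-seen host
    (102, "desk-01", "auth_fail", "administrator"),
    (103, "desk-01", "auth_fail", "administrator"),
    (104, "desk-01", "auth_fail", "administrator"),
    (110, "desk-01", "smb_exe", "\\\\desk-02\\C$\\5523.exe"),  # numeric EXE name
    (115, "desk-02", "connect", "windows-upd.cdn.example"),
    (116, "desk-03", "connect", "windows-upd.cdn.example"),   # third device
    (120, "user.a@corp.example", "login", "SG"),                # unusual country
]

def detect(baseline, baseline_geo, events, fail_threshold=3, spread_threshold=3):
    """Return (timestamp, actor, alert_kind, value) tuples, in event order."""
    known_dests = {dest for _, dest in baseline}
    alerts, fails, dest_devices = [], Counter(), defaultdict(set)
    for ts, actor, kind, value in events:
        if kind in ("download", "connect"):
            if value not in known_dests and value not in dest_devices:
                alerts.append((ts, actor, "rare-destination", value))  # first sighting
            dest_devices[value].add(actor)
            # Several devices reaching a rare destination is the beaconing pattern.
            if value not in known_dests and len(dest_devices[value]) == spread_threshold:
                alerts.append((ts, actor, "lateral-spread", value))
        elif kind == "auth_fail":
            fails[(actor, value)] += 1
            if fails[(actor, value)] == fail_threshold:
                alerts.append((ts, actor, "auth-failure-burst", value))
        elif kind == "smb_exe":
            name = value.rsplit("\\", 1)[-1].lower()
            if name.endswith(".exe") and name[:-4].isdigit():
                alerts.append((ts, actor, "numeric-exe-smb", value))
        elif kind == "login" and value not in baseline_geo.get(actor, set()):
            alerts.append((ts, actor, "rare-login-geo", value))
    return alerts

if __name__ == "__main__":
    for alert in detect(BASELINE, BASELINE_GEO, EVENTS):
        print(alert)
```

In a real deployment the baseline would be learned per device and account over weeks of traffic and sign-in logs, and the thresholds tuned to the organisation's own noise level.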

Digitising with Diligence
In light of Latin America's rapid digitalisation and increasingly lucrative virtual assets, existing security vulnerabilities that were not significant several years, or even months, ago are now being exploited by cyber-criminals. Indeed, the high value of their potential compromises incentivises these criminals to create malware specifically tailored to Latin American targets, which promise to cause major disruptions, inflict significant financial and intellectual property losses, and entail incalculable reputational costs.

In this climate, it is imperative that companies and governments take a step back from their digital transformation projects to make cyber defence a core aspect of their organisation, rather than an afterthought. Only with AI-based defences at the centre of such projects can they durably shape the region's new economy.

IDG Connect
