According to data collected by FortiGuard Labs, Fortinet’s threat intelligence laboratory, Mexico was the Latin American country that received the most attempted attacks (156 billion), followed by Brazil (88.5 billion), Peru (11.5 billion) and Colombia (11.2 billion).
“The increase in volume, sophistication and effectiveness of cyber threats during 2021 has been remarkable, so organizations in the region must be better prepared with a comprehensive and automated security approach to prevent, detect and mitigate these risks that are putting the integrity of their operations at stake,” explains Arturo Torres, Fortinet’s FortiGuard Labs cybersecurity strategist for Latin America and the Caribbean.
The 2021 report reveals that the countries of Latin America and the Caribbean are on a par with other regions and have been the target of nearly 10% of all cyberattack attempts that have occurred in the world in the last year.
An example of this was the Log4j vulnerability, one of the most used by attackers in the period, which allowed complete remote execution of malicious code on vulnerable systems in the region. The Latin American countries that registered the most attempts to exploit it were Peru, Colombia, Argentina, Brazil and Mexico.
During the third quarter of 2021, the largest distributed denial of service (DDoS) attack in history took place. The threat arose from a variant of the Mirai botnet targeting IoT devices, which launched more than a dozen DDoS attacks that exceeded 1 Tbps several times and hovered around 1.2 Tbps. Fortinet found that Brazil was the target of about 10% of these attacks, which represented some 500 billion DDoS attempts fired at that country.
In addition, attempts to install cryptocurrency mining tools were also detected in Argentina, the Dominican Republic, and Colombia.
Many of the threats to corporate cybersecurity reported during 2021 are closely related to the greater number of people connected to their jobs remotely. In the second half of the year, a considerable increase in the use of mass scanning techniques was detected in Latin America and the Caribbean. These techniques allow an attacker to identify vulnerabilities, gather information on breaches in vulnerable systems and select targets based on the findings.
FortiGuard Labs has also detected a large number of remote code execution (RCE) attacks on IoT devices such as cameras, microphones, and home routers, allowing the attacker to take control of vulnerable enterprise systems. In this sense, Mirai continues to be the botnet campaign that registers the most activity in all the countries of Latin America and the Caribbean. Mirai is a cyber threat targeting IoT devices that causes infected devices to join a botnet, which is used for DDoS attacks. FortiGuard Labs has reported a new Mirai variant spread via the Log4j vulnerability, which came to light in Q4 2021.
For their part, Argentina, Chile, Mexico, Peru and Panama have been the target of distributions of malware and Trojans focused on Microsoft Office applications, commonly used for remote work and education.
Malware distribution through deceptive advertising, malicious websites, and phishing email campaigns remains the deception technique most widely used by cybercriminals. Once victim devices are infected, attackers can hijack them and use them to commit cybercrimes such as credential theft and distributed denial-of-service attacks. Likewise, the use of information about COVID-19 and the recent Omicron variant allowed the deployment of the RedLine Stealer botnet campaign in the fourth quarter of 2021, in which attackers steal information from users and use it for malicious actions or sell it for future criminal activities.
“We continue to see that user awareness and training is essential to prevent attacks, especially those that use social engineering to trick people,” adds Torres. “In today’s work-from-anywhere model, where many people use personal devices and poorly protected home or public connections, criminals will continue to exploit these environments and seek out vulnerable resources to access corporate networks. This is where the zero-trust approach to controlling access and monitoring activity within the network makes the most sense.”
Through FortiGuard Labs, Fortinet continuously monitors the attack surface in Latin America and the Caribbean and, with more than 50% of the enterprise security appliances deployed in the region, gains unparalleled visibility in the market. Added to this are the hundreds of alliances with industry entities and security agencies to share information, which further increases access to threat intelligence and, consequently, the accuracy of the data delivered.
This unique visibility feature enables the analysis of millions of cyberattack attempts per day. FortiGuard Labs threat hunters, researchers, analysts, engineers, and data scientists analyze and process this information using artificial intelligence (AI) and other innovative technologies to mine data for new threats.
Building on these capabilities, FortiGuard Labs continuously provides the necessary IPS signatures for organizations to detect and mitigate these threats. The efforts result in timely and actionable threat intelligence in the form of security product updates and proactive threat research to help organizations better understand and defend against threats.
The FortiGuard Labs report for Latin America and the Caribbean is prepared quarterly, based on the information obtained daily in real time.