Cyber Criminals Are Targeting Latin America

Uploaded on 2019-07-25 in NEWS-Cybersecurity News, FREE TO VIEW

In the last ten years, Latin America has changed from an analogue area to a predominantly digital one. But as its companies and governments speedily embrace the Internet, cyber security concerns as with most global areas is almost ignored.  The number of Internet users in Mexico, for instance, has grown by 13.4% annually since 2006, compared to a 3.3% annual increase in the United States. 

At the same time, the US spent considerably more on security solutions than all of Latin America combined, a discrepancy that experts anticipate will only widen in the coming years.

This dangerous combination of burgeoning networks and relatively lax cyber defences has, unsurprisingly, attracted the attention of sophisticated online threat actors, who are now targeting the region with advanced attacks. This has accelerated in recent months, with the Latin America region bombarded with a range of threats, from stealthy Trojans and silent PowerShell attacks to subtle cloud-based threats. 

Cyber-criminals are constantly innovating to compromise the personal information and intellectual property of the region's 630 million, increasingly digitised residents. Safeguarding them will require a new approach to digitisation — one that places cyber security at the very heart of the corporate network.

Polymorphic banking Trojan
At a Latin American financial services company, a corporate desktop was seen downloading an EXE file from a rare external hostname. Following this download, the device generated multiple failed authentications with the credential "administrator", an English word not frequently used in Spanish-speaking countries. The device then started sending rare EXE files with numeric names internally via SMB, before a few minutes later, multiple devices began beaconing to rare destinations never seen in the network before.

This type of activity is atypical for the company's unique users, devices, and network. A subsequent analysis revealed that it was a live copy of the polymorphic Emotet banking Trojan. Whereas the Emotet Trojan is notoriously difficult to spot, cyber-security approaches based on AI are able to understand a company's normal activity, allowing them to recognize Emotet's key behaviours as abnormal.

PowerShell Attack 
Elsewhere in Latin America, a desktop was seen downloading a Python script from a rare location in Malaysia. Neither the desktop in question nor any other internal devices had ever connected to the external destination before, an early indicator of cyber-threat that signature-based security tools would have missed. 

The script was downloaded from a domain that included apparently legitimate strings like "windows", but which was in fact not associated with Microsoft or other legitimate organisations.

Following the download, the device initiated an HTTP connection with the external destination using PowerShell, whereupon multiple company devices started communicating with this rare destination. But while this type of disguised attack has become popular among threat actors as a result of its ability to bypass traditional detection systems, the ability to detect anomalous network activity can help Latin American companies mitigate these threats.

Compromised SaaS 
At an international financial services firm based in Latin America, a Microsoft Office 365 user account that regularly authenticates from known Latin American locations suddenly started exhibiting unusual activity, authenticating many times from a rare IP address in Asia-Pacific. This is another situation that could be flagged by systems capable of anomaly detection, since the business has few ties to the Asia-Pacific region. This early detection of anomalous credential behaviour revealed a breach in the use of the corporate SaaS service, a breach that could have escalated to compromise other Office 365 users had the firm not caught it in its nascent stage.

Digitising with Diligence
In light of Latin America's rapid digitalisation and increasingly lucrative virtual assets, existing security vulnerabilities that were not significant several years, or even months, ago are now being exploited by cyber-criminals. Indeed, the high value of their potential compromises incentivises these criminals to create malware specifically tailored to Latin American targets, which promise to cause major disruptions, inflict significant financial and intellectual property losses, and entail incalculable reputational costs.

In this climate, it is imperative that companies and governments take a step back from their digital transformation projects to make cyber defence a core aspect of their organisation, rather than an afterthought. Only with AI-based defences at the centre of such projects can they durably shape the region's new economy.

IDG Connect

You Might Also Read:

The True Cost of Cybercrime in Brazil:

 

 

« Most Organisations Lack Cyber Resilience
Cannabis Buyers Are Uniquely Vulnerable To Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

Fastcomcorp

Fastcomcorp

Fastcomcorp offers a world-class proactive cyber security defense and risk management consulting. Including Darkweb monitoring and posture assessments.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

HORNE

HORNE

HORNE is a professional services firm supporting clients in public, private & government sectors nationwide.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Board of Cyber

Board of Cyber

Board of Cyber offers Security Rating: a fast, non-intrusive, continuous, 100% automated solution to evaluate the cyber performance of an organization.

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.