Cyber Criminals Are Targeting Latin America

Uploaded on 2019-07-25 in NEWS-Cybersecurity News, FREE TO VIEW

In the last ten years, Latin America has changed from an analogue area to a predominantly digital one. But as its companies and governments speedily embrace the Internet, cyber security concerns as with most global areas is almost ignored.  The number of Internet users in Mexico, for instance, has grown by 13.4% annually since 2006, compared to a 3.3% annual increase in the United States. 

At the same time, the US spent considerably more on security solutions than all of Latin America combined, a discrepancy that experts anticipate will only widen in the coming years.

This dangerous combination of burgeoning networks and relatively lax cyber defences has, unsurprisingly, attracted the attention of sophisticated online threat actors, who are now targeting the region with advanced attacks. This has accelerated in recent months, with the Latin America region bombarded with a range of threats, from stealthy Trojans and silent PowerShell attacks to subtle cloud-based threats. 

Cyber-criminals are constantly innovating to compromise the personal information and intellectual property of the region's 630 million, increasingly digitised residents. Safeguarding them will require a new approach to digitisation — one that places cyber security at the very heart of the corporate network.

Polymorphic banking Trojan
At a Latin American financial services company, a corporate desktop was seen downloading an EXE file from a rare external hostname. Following this download, the device generated multiple failed authentications with the credential "administrator", an English word not frequently used in Spanish-speaking countries. The device then started sending rare EXE files with numeric names internally via SMB, before a few minutes later, multiple devices began beaconing to rare destinations never seen in the network before.

This type of activity is atypical for the company's unique users, devices, and network. A subsequent analysis revealed that it was a live copy of the polymorphic Emotet banking Trojan. Whereas the Emotet Trojan is notoriously difficult to spot, cyber-security approaches based on AI are able to understand a company's normal activity, allowing them to recognize Emotet's key behaviours as abnormal.

PowerShell Attack 
Elsewhere in Latin America, a desktop was seen downloading a Python script from a rare location in Malaysia. Neither the desktop in question nor any other internal devices had ever connected to the external destination before, an early indicator of cyber-threat that signature-based security tools would have missed. 

The script was downloaded from a domain that included apparently legitimate strings like "windows", but which was in fact not associated with Microsoft or other legitimate organisations.

Following the download, the device initiated an HTTP connection with the external destination using PowerShell, whereupon multiple company devices started communicating with this rare destination. But while this type of disguised attack has become popular among threat actors as a result of its ability to bypass traditional detection systems, the ability to detect anomalous network activity can help Latin American companies mitigate these threats.

Compromised SaaS 
At an international financial services firm based in Latin America, a Microsoft Office 365 user account that regularly authenticates from known Latin American locations suddenly started exhibiting unusual activity, authenticating many times from a rare IP address in Asia-Pacific. This is another situation that could be flagged by systems capable of anomaly detection, since the business has few ties to the Asia-Pacific region. This early detection of anomalous credential behaviour revealed a breach in the use of the corporate SaaS service, a breach that could have escalated to compromise other Office 365 users had the firm not caught it in its nascent stage.

Digitising with Diligence
In light of Latin America's rapid digitalisation and increasingly lucrative virtual assets, existing security vulnerabilities that were not significant several years, or even months, ago are now being exploited by cyber-criminals. Indeed, the high value of their potential compromises incentivises these criminals to create malware specifically tailored to Latin American targets, which promise to cause major disruptions, inflict significant financial and intellectual property losses, and entail incalculable reputational costs.

In this climate, it is imperative that companies and governments take a step back from their digital transformation projects to make cyber defence a core aspect of their organisation, rather than an afterthought. Only with AI-based defences at the centre of such projects can they durably shape the region's new economy.

IDG Connect

You Might Also Read:

The True Cost of Cybercrime in Brazil:

 

 

« Most Organisations Lack Cyber Resilience
Cannabis Buyers Are Uniquely Vulnerable To Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

Odix

Odix

Odix security software neutralizes file embedded targeted cyber attacks before they enter your organization’s network.

Westermo Network Technologies

Westermo Network Technologies

Westermo designs and manufactures robust, resilient and secure data communications products for mission-critical industrial systems.

S21sec

S21sec

S21sec is a leading European pure play cybersecurity consultancy, services and solutions provider.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

RFA

RFA

RFA is a unique IT, financial cloud and managed cyber-security provider to the financial services and alternative investment sectors.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

DC Two

DC Two

DC Two are a locally operated and supported Australian data centre, offering a suite of vertically integrated services covering every part of the data centre and cloud technology stack.

Kodem Security

Kodem Security

Our mission is to make AppSec simple. Meet the world’s first dynamic software composition analysis platform. Only Kodem uses runtime intelligence to determine application risk.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

Pontiro

Pontiro

At Pontiro, we are enabling a new era of data-sharing. Bridging the gap between protected data and valuable insights through the use of cutting edge Homomorphic Encryption.