Cyber Criminals Are Targeting Latin America

Uploaded on 2019-07-25 in NEWS-Cybersecurity News, FREE TO VIEW

In the last ten years, Latin America has changed from an analogue area to a predominantly digital one. But as its companies and governments speedily embrace the Internet, cyber security concerns as with most global areas is almost ignored.  The number of Internet users in Mexico, for instance, has grown by 13.4% annually since 2006, compared to a 3.3% annual increase in the United States. 

At the same time, the US spent considerably more on security solutions than all of Latin America combined, a discrepancy that experts anticipate will only widen in the coming years.

This dangerous combination of burgeoning networks and relatively lax cyber defences has, unsurprisingly, attracted the attention of sophisticated online threat actors, who are now targeting the region with advanced attacks. This has accelerated in recent months, with the Latin America region bombarded with a range of threats, from stealthy Trojans and silent PowerShell attacks to subtle cloud-based threats. 

Cyber-criminals are constantly innovating to compromise the personal information and intellectual property of the region's 630 million, increasingly digitised residents. Safeguarding them will require a new approach to digitisation — one that places cyber security at the very heart of the corporate network.

Polymorphic banking Trojan
At a Latin American financial services company, a corporate desktop was seen downloading an EXE file from a rare external hostname. Following this download, the device generated multiple failed authentications with the credential "administrator", an English word not frequently used in Spanish-speaking countries. The device then started sending rare EXE files with numeric names internally via SMB, before a few minutes later, multiple devices began beaconing to rare destinations never seen in the network before.

This type of activity is atypical for the company's unique users, devices, and network. A subsequent analysis revealed that it was a live copy of the polymorphic Emotet banking Trojan. Whereas the Emotet Trojan is notoriously difficult to spot, cyber-security approaches based on AI are able to understand a company's normal activity, allowing them to recognize Emotet's key behaviours as abnormal.

PowerShell Attack 
Elsewhere in Latin America, a desktop was seen downloading a Python script from a rare location in Malaysia. Neither the desktop in question nor any other internal devices had ever connected to the external destination before, an early indicator of cyber-threat that signature-based security tools would have missed. 

The script was downloaded from a domain that included apparently legitimate strings like "windows", but which was in fact not associated with Microsoft or other legitimate organisations.

Following the download, the device initiated an HTTP connection with the external destination using PowerShell, whereupon multiple company devices started communicating with this rare destination. But while this type of disguised attack has become popular among threat actors as a result of its ability to bypass traditional detection systems, the ability to detect anomalous network activity can help Latin American companies mitigate these threats.

Compromised SaaS 
At an international financial services firm based in Latin America, a Microsoft Office 365 user account that regularly authenticates from known Latin American locations suddenly started exhibiting unusual activity, authenticating many times from a rare IP address in Asia-Pacific. This is another situation that could be flagged by systems capable of anomaly detection, since the business has few ties to the Asia-Pacific region. This early detection of anomalous credential behaviour revealed a breach in the use of the corporate SaaS service, a breach that could have escalated to compromise other Office 365 users had the firm not caught it in its nascent stage.

Digitising with Diligence
In light of Latin America's rapid digitalisation and increasingly lucrative virtual assets, existing security vulnerabilities that were not significant several years, or even months, ago are now being exploited by cyber-criminals. Indeed, the high value of their potential compromises incentivises these criminals to create malware specifically tailored to Latin American targets, which promise to cause major disruptions, inflict significant financial and intellectual property losses, and entail incalculable reputational costs.

In this climate, it is imperative that companies and governments take a step back from their digital transformation projects to make cyber defence a core aspect of their organisation, rather than an afterthought. Only with AI-based defences at the centre of such projects can they durably shape the region's new economy.

IDG Connect

You Might Also Read:

The True Cost of Cybercrime in Brazil:

 

 

« Most Organisations Lack Cyber Resilience
Cannabis Buyers Are Uniquely Vulnerable To Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

BLOCKO

BLOCKO

BLOCKO is a blockchain specialized technology company that has experienced and achieved the largest amount of business in South Korea.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

Kontex

Kontex

Kontex is a Cyber Security consultancy creating resilient solutions. From Strategy, Advisory and Implementation to Management and everything in between.

Open Quantum Safe (OQS)

Open Quantum Safe (OQS)

The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.

Veracity Trust Network

Veracity Trust Network

Veracity Trust Network safeguards organisations from the threat of bot attacks on their public facing platforms.