

Fortinet, through its threat intelligence lab FortiGuard Labs, says data collected in the first half of 2022 shows that the Latin America and the Caribbean region suffered 137 billion cyberattack attempts from January to June this year, a 50 per cent increase compared to the same period last year (91 billion).
Mexico was the most attacked country in the region (with 85 billion), followed by Brazil (with 31.5 billion) and Colombia (with 6.3 billion).
In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies, such as ransomware. During the first six months of 2022, approximately 384,000 ransomware distribution attempts were detected worldwide. Of these, 52,000 targeted Latin America.
Mexico had the highest ransomware distribution activity in the period, with more than 18,000 detections, followed by Colombia (17,000) and Costa Rica (14,000). Peru, Argentina, and Brazil rank below them.
Furthermore, according to FortiGuard Labs, the number of ransomware signatures has almost doubled in six months. In the first half of 2022, 10,666 ransomware signatures were found in Latin America, while only 5,400 were detected in the last half of 2021.
“We are experiencing a growth in ransomware variants, with different malicious actors and international cybercriminal groups affecting companies across industries, governments, and even entire economies. In addition to the increased use of Ransomware-as-a-Service (RaaS) – where ransomware creators deliver ransomware to third parties in exchange for a monthly payment or a portion of the profits made – we have seen some ransomware actors offer their victims 24/7 technical support services to speed up the payment of the ransom and the restoration of encrypted systems or data,” explains Arturo Torres, cybersecurity strategist at FortiGuard Labs for Latin America and the Caribbean.

According to Fortinet, the ransomware market became very professional in 2021, with a well-established business model. Threat actors use independent services to negotiate data ransoms, help victims make payments, and arbitrate disputes between cybercriminal groups. The WannaCry variant, for example, has a language translator and chat support.
The most active ransomware campaigns in the region during the first half of 2022 were REvil, detected mainly in Mexico, followed by LockBit and Hive. The Conti ransomware has been one of the most prominent in the media due to its recent high impact in Costa Rica.
“In short, we are seeing a remarkable increase in cyber threats’ dangerousness, sophistication, and success rate. These digital risks can no longer be addressed with point or complex; it is necessary to have an integrated platform that is simple and can prevent, detect and respond to threats in an increasingly automated way,” added Torres.
Other highlights of the report for the first half of 2022:
- During this first half of the year, the most detected exploitation technique in the region was related to the vulnerability known colloquially as “Log4Shell”. This vulnerability allows complete remote code execution (RCE) on a vulnerable system.
- Web-based malware appears to be one of the most effective ways adversaries distribute HTML- and JavaScript-based malware, using millions of malicious URLs as delivery channels to spread malware across the web. Once infected, victim devices can be taken over by adversaries, who can use them to commit cybercrimes such as credential theft, spam, and distributed denial-of-service attacks.
- On the other hand, Fortinet observed a strong distribution of malware in the region through Microsoft Office documents, primarily Excel, which allow the attacker to take advantage of a vulnerability in the application to execute instructions or gain access to the system.
- Mirai is an IoT malware that causes infected devices to join a botnet used for Distributed Denial of Service (DDoS) attacks. As seen throughout 2021, Mirai is still the botnet campaign with the most activity in all Latin American countries. This botnet campaign has been adapted to spread using recent vulnerabilities such as Log4Shell.
- Finally, it is worth mentioning that botnet campaigns such as Bladabindi and Gh0st are still very active in Latin American countries, allowing attackers to take full control of an infected system, record keystrokes, access the webcam and the microphone live, download and upload files, and carry out other nefarious activities.
How is this data obtained?
Through FortiGuard Labs, Fortinet continuously monitors the attack surface in Latin America and the Caribbean. With more than 60 per cent of the enterprise security appliances deployed in the region, it gains unparalleled visibility in the market.
Added to this are the hundreds of alliances with industry entities and security agencies to share information, further increasing access to threat intelligence and, consequently, the accuracy of the data delivered.

This unique visibility enables the analysis of millions of daily cyberattack attempts. FortiGuard Labs’ threat hunters, researchers, analysts, engineers, and data scientists analyse and process this information using artificial intelligence (AI) and other innovative technologies to mine data for new threats.
Building on these capabilities, FortiGuard Labs continuously provides the necessary IPS signatures for organisations to detect and mitigate these threats. The efforts result in timely and actionable threat intelligence through security product updates and proactive threat research to help organisations better understand and defend against threats.
The FortiGuard Labs report for Latin America and the Caribbean is prepared quarterly based on the real-time information obtained daily.