Targeted attacks, advanced technologies, artificial intelligence increasing criminals’ success rates

Latin America and the Caribbean experienced 41 billion attempted cyberattacks in 2020, according to Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions.

Fortinet was announcing the results for the fourth quarter of 2020 and year 2020 consolidated data on attempted cyberattacks obtained by FortiGuard Labs, its threat intelligence research organisation that collects and analyses cybersecurity incidents around the world on a daily basis.

In October, November, and December, there were 21 billion attempted attacks across the region. During this period, phishing campaigns – emails with attached HTML files trying to redirect users to malicious websites – spread rapidly across Latin America.

Web-based malware has become the most common medium for distributing infected files, often acting as the gateway for ransomware.

Aside from the high volume of attempted cyberattacks, Fortinet said the most troubling element is the degree of sophistication and efficiency that cybercriminals are showing.

Many are using advanced technologies and artificial intelligence (AI) to develop targeted attacks with greater chances of success. In short, cybercriminals can now do more damage with fewer attempts.

“2020 demonstrated criminals’ ability to invest time and resources into more lucrative attacks, such as ransomware,” said Marcelo Mayorga, vice president, sales engineering for Fortinet Latin America and the Caribbean.

“They are adapting to the new era of remote work, using more sophisticated threats to deceive victims and gain access to corporate networks. We’re also seeing a trend toward peripheral attacks,with many criminals looking beyond core networks. The use of IoT devices and critical industrial environments are two examples of possible access points for criminals.”

According to Fortinet, the emergence of smart edges, or networks that adapt and expand according to user needs, will pose a new trend and risk in 2021.

These networks will create different attack vectors, allowing groups of compromised devices to work collaboratively to reach victims at 5G speeds.

“We must be alert to any suspicious emails or activity and implement all necessary controls on our personal devices to mitigate the risk of intrusion or a violation of company security policies; this should include regularly installing available updates from manufacturers,” recommended Mayorga.

“From a business perspective, this represents an increased need to add the power of artificial intelligence and machine learning (ML) to security platforms, which operate in an integrated and automated way across main networks, multi-cloud environments, branch offices, and remote workers’ homes.” 

OTHER KEY FINDINGS FROM THE Q4 2020 REPORT:

Phishing campaigns continue to be the main attack vector

Various Trojan campaigns were detected during this period. These carry out activities without the user’s knowledge and generally include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading, files and placing other malware on the system. Infected assets can then perform denial of service (DoS) attacks and run or stop processes. The JS/ScrInject.B! malware was the most active in the region during Q4 2020.

Working remotely as a gateway to corporate networks 

Many malicious HTTP requests looking to exploit vulnerabilities in various home router products were detected, as these could allow attackers to execute arbitrary commands. This may become a trend as more people work from home with less protection and more access to corporate data.

A wave of attempts to exploit vulnerabilities

Numerous remote code execution attempts were detected against ThinkPHP and PHPUnit, a web framework many web developers use. The ThinkPHP vulnerability, which was revealed in 2018, allows attackers to gain access to servers and install malicious software. Updating servers regularly helps reduce the risk of exploits. As a preventative measure, those using ThinkPHP version 5 or earlier should update their serversor install manufacturer patches.

Botnets targeting IoT devices

The Mirai botnet, which targets IoT devices, has evolved robustly and become more widely used over the years,receiving increased interest from attackers looking to targetolder vulnerabilities in consumer IoT products. Mirai has become stronger, faster, tougher, and more evasive in recent months, adding new cyberweapons, such as an ability to exploit vulnerabilities found in web servers, to its arsenal. Aware that IoT devices are less protected, cybercriminals continue to take advantage of this reality. 

Older botnets remain active in Latin America

The most-detected botnets in Latin America continue to be Gh0st and Andromeda (also known as Gamaru and Wauchos) despite the fact that cybersecurity forces have been carrying out a major operation to eliminate it in December 2017. Again, applying manufacturer patches and installing regular updates is a critical aspect of security.