Press Release

Brazil is the second most cyber-attacked country in Latin America

Bnamericas

This is a machine translation of Fortinet's press release

São Paulo, August 18, 2022 - Fortinet (NASDAQ: FTNT), a global leader in comprehensive, integrated and automated cybersecurity solutions, released data collected in the first half of 2022 by its threat intelligence lab, FortiGuard Labs.

Brazil suffered 31.5 billion attempted cyber attacks from January to June this year – a 94% increase over the same period last year (with 16.2 billion) – being the second most targeted country in Latin America, behind Mexico, with 85 billion, and followed by Colombia (with 6.3 billion) and Peru (with 5.2 billion). In total, the Latin America and Caribbean region has suffered 137 billion attempted cyber attacks.

In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies such as ransomware. During the first six months of 2022, approximately 384,000 ransomware distribution attempts were detected globally. Of these, 52,000 were destined for Latin America.

Mexico was the country with the highest ransomware distribution activity in the period, with more than 18,000 detections, followed by Colombia (17,000) and Costa Rica (14,000). Peru, Argentina and Brazil appear next.

Furthermore, according to FortiGuard Labs, the number of ransomware signatures has nearly doubled in six months. In the first half of 2022, 10,666 ransomware signatures were found in Latin America, compared with only 5,400 in the second half of 2021.

“Ransomware attacks are affecting companies across industries, governments and even entire economies, with new variants constantly emerging from the hands of diverse international cybercriminal groups. This is due to the profitability and attention that this type of attack brings to criminals, making them more dangerous and causing great financial and image losses to their victims”, says Alexandre Bonatti, Director of Engineering at Fortinet Brasil.

The most active ransomware campaigns in the region during the first half of 2022 were REvil, LockBit and Hive. Conti ransomware, in turn, has been one of the most widely covered in the media because of its recent high impact in Costa Rica.

Most active ransomware variants in Latin America in 2022


According to Fortinet, the ransomware market became highly professionalized in 2021, with a well-established business model. Threat actors employ independent services to negotiate the ransom of data, help victims make payments, and arbitrate disputes between cybercriminal groups. The WannaCry variant, for example, has a language translator and even a support chat.

“In addition to the increased use of Ransomware-as-a-Service (RaaS) – where ransomware creators give it to third parties in exchange for a monthly payment or taking part of the profits made – we have observed that some ransomware actors offer their victims 24/7 technical support service to expedite the payment of the ransom and the restoration of encrypted systems or data”, explains Arturo Torres, cybersecurity strategist at FortiGuard Labs for Latin America and the Caribbean. “In conclusion, we are seeing a remarkable increase in the dangerousness, sophistication and success rate of cyber threats. This type of risk can no longer be addressed with cybersecurity solutions that are one-off or too complex to manage. An integrated platform is needed that is simple and can prevent, detect and respond to threats in an increasingly automated way.”

Other highlights from the first half 2022 report:

• During the first half of the year, the most detected exploit technique in the region was related to the vulnerability known as "Log4Shell". This vulnerability allows complete remote code execution (RCE) on a vulnerable system.

• Web-based malware has been one of the most effective ways for adversaries to distribute HTML and/or JavaScript-based malware, using millions of malicious URLs as distribution channels. Once infected, victims' devices can be taken over by criminals, who can use them to steal credentials, generate spam, and launch distributed denial-of-service (DDoS) attacks, for example.

• On the other hand, a strong distribution of malware was also observed in the region through Office documents, mainly Excel, which allows the attacker to take advantage of the application vulnerability to execute instructions or gain access to the “.system” file.

• As we have seen throughout 2021, Mirai remains the most active botnet campaign in all Latin American countries. Mirai is IoT malware that causes infected machines to join a botnet used for denial-of-service attacks. This botnet campaign has been adapted to spread using recent vulnerabilities such as Log4Shell.

• Finally, it is important to mention that botnet campaigns like Bladabindi and Gh0st are still very active in countries in the region, allowing attackers to take full control of the infected system, record keystrokes, access the live web camera and microphone, download and upload files, etc.

How is this data obtained?

FortiGuard Labs continuously monitors the attack surface across Latin America and the Caribbean and, having more than 60% of the number of enterprise security appliances deployed in the region*, has unrivaled visibility in the market. Added to this are hundreds of alliances with industry entities and security agencies to share information, which further increases access to threat intelligence and, consequently, the accuracy of the data presented.

This unique visibility enables analysis of millions of cyberattack attempts per day. FortiGuard Labs threat hunters, researchers, analysts, engineers and data scientists analyze and process this information using artificial intelligence (AI) and other innovative technologies to mine this data for new threats. Through these capabilities, FortiGuard Labs permanently provides the IPS signatures needed by organizations to detect and mitigate these threats.

These efforts result in timely, actionable threat intelligence in the form of security product updates and proactive threat research to help organizations better understand and defend against threats.

The FortiGuard Labs report is prepared quarterly for Latin America and the Caribbean, based on information obtained daily in real time.
