
Brazil is the second country that suffers the most cyber attacks in Latin America
This is a machine translation of Fortinet's press release
São Paulo, August 18, 2022 - Fortinet (NASDAQ: FTNT), a global leader in comprehensive, integrated and automated cybersecurity solutions, released data collected in the first half of 2022 by its threat intelligence lab, FortiGuard Labs .
Brazil suffered 31.5 billion attempted cyber attacks from January to June this year – a 94% increase over the same period last year (with 16.2 billion) – being the second most targeted country in Latin America, behind Mexico, with 85 billion, and followed by Colombia (with 6.3 billion) and Peru (with 5.2 billion). In total, the Latin America and Caribbean region has suffered 137 billion attempted cyber attacks.
In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies such as ransomware. During the first six months of 2022, approximately 384,000 ransomware distribution attempts were detected globally. Of these, 52,000 were destined for Latin America.
Mexico was the country with the highest ransomware distribution activity in the period, with more than 18,000 detections, followed by Colombia (17,000) and Costa Rica (14,000). Peru, Argentina and Brazil appear next.
Furthermore, according to FortiGuard Labs, the number of ransomware signatures has nearly doubled in six months. In the first half of 2022, 10,666 ransomware signatures were found in Latin America, with only 5,400 seen in the last half of 2021.
“Ransomware attacks are affecting companies across industries, governments and even entire economies, with new variants constantly emerging from the hands of diverse international cybercriminal groups. This is due to the profitability and attention that this type of attack brings to criminals, making them more dangerous and causing great financial and image losses to their victims”, says Alexandre Bonatti, Director of Engineering at Fortinet Brasil.
The most active ransomware campaigns in the region during the first half of 2022 were Revil, LockBit and Hive. Conti ransomware, in turn, has been one of the most popular in the media due to the high impact it has had recently in Costa Rica.
Most active ransomware variants in Latin America in 2022
According to Fortinet, the ransomware market has become very professional in 2021, with a well-established business model. Threat actors employ independent services to negotiate the ransom of data, help victims make payments, and arbitrate disputes between cybercriminal groups. The WannaCry variant, for example, has a language translator and even a support chat.
“In addition to the increased use of Ransomware-as-a-Service (RaaS) – where ransomware creators give it to third parties in exchange for a monthly payment or taking part of the profits made – we have observed that some ransomware actors offer their victims 24/7 technical support service to expedite the payment of the ransom and the restoration of encrypted systems or data”, explains Arturo Torres, cybersecurity strategist at FortiGuard Labs for Latin America and the Caribbean. “In conclusion, we are seeing a remarkable increase in the dangerousness, sophistication and success rate of cyber threats. This type of risk can no longer be addressed with one-off or too complex cybersecurity solutions to manage. An integrated platform is needed that is simple and can prevent, detect and respond to threats in an increasingly automated way.”
Other highlights from the first half 2022 report:
• During this first semester, the most detected exploit technique in the region was related to the vulnerability known as "Log4Shell". This vulnerability allows remote complete code execution (RCE) on a vulnerable system.
• Web-based malware has been one of the most effective ways for adversaries to distribute HTML and/or Java Script-based malware, using millions of malicious URLs as distribution channels. Once infected, victims' devices can be taken over by criminals, who can use them to steal credentials, generate spam, and promote denial-of-service (DDoS) attacks, for example.
• On the other hand, a strong distribution of malware was also observed in the region through Office documents, mainly Excel, which allows the attacker to take advantage of the application vulnerability to execute instructions or gain access to the “.system” file.
• As we have seen throughout 2021, Mirai remains the most active botnet campaign in all Latin American countries. Mirai is IoT malware that causes infected machines to join a botnet used for denial-of-service attacks. This botnet campaign has been adapted to spread using recent vulnerabilities such as Log4Shell.
• Finally, it is important to mention that botnet campaigns like Bladabindi and Gh0st are still very active in countries in the region, allowing attackers to take full control of the infected system, record keystrokes, access the live web camera and microphone, download and upload files, etc.
How is this data obtained?
FortiGuard Labs continuously monitors the attack surface across Latin America and the Caribbean and, having more than 60% of the number of enterprise security appliances deployed in the region*, has unrivaled visibility in the market. Added to this are hundreds of alliances with industry entities and security agencies to share information, which further increases access to threat intelligence and, consequently, the accuracy of the data presented.
This unique visibility enables analysis of millions of cyberattack attempts per day. FortiGuard Labs threat hunters, researchers, analysts, engineers and data scientists analyze and process this information using artificial intelligence (AI) and other innovative technologies to mine this data for new threats. Through these capabilities, FortiGuard Labs permanently provides the IPS signatures needed by organizations to detect and mitigate these threats.
These efforts result in timely, actionable threat intelligence in the form of security product updates and proactive threat research to help organizations better understand and defend against threats.
The FortiGuard Labs report is prepared quarterly for Latin America and the Caribbean, based on information obtained daily in real time.
Subscribe to the leading business intelligence platform in Latin America with different tools for Providers, Contractors, Operators, Government, Legal, Financial and Insurance industries.
News in: ICT (Mexico)

The state of fiber optics penetration across Latin America
BNamericas reviewed the most recent data from regulators and associations in the region.

Mexican datacenter association: We're optimistic about the new government
In this interview, Adriana Rivera, executive director of Mexican datacenter association MEXDC, shares her insights with BNamericas on what to expec...
Subscribe to Latin America’s most trusted business intelligence platform.
Other projects in: ICT
Get critical information about thousands of ICT projects in Latin America: what stages they're in, capex, related companies, contacts and more.
- Project: Santiago 2 Data Center Expansion
- Current stage:
- Updated:
6 months ago
- Project: RIO2 Data Center (RIO1 Expansion)
- Current stage:
- Updated:
6 months ago
- Project: DataTrust data center
- Current stage:
- Updated:
7 months ago
- Project: Humboldt Project (Trans-Pacific Submarine Cable, Asia-South America)
- Current stage:
- Updated:
7 months ago
- Project: Refefo fiber optic backbone network update (Stage 3)
- Current stage:
- Updated:
7 months ago
- Project: QR03 Data Center
- Current stage:
- Updated:
7 months ago
- Project: Norte Conectado Program (Infovia 02)
- Current stage:
- Updated:
7 months ago
- Project: QR02 Data Center
- Current stage:
- Updated:
7 months ago
- Project: Norte Conectado Program (Infovia 08)
- Current stage:
- Updated:
7 months ago
- Project: Norte Conectado Program (Infovia 06)
- Current stage:
- Updated:
7 months ago
Other companies in: ICT (Mexico)
Get critical information about thousands of ICT companies in Latin America: their projects, contacts, shareholders, related news and more.
- Company: Radiomovil Dipsa S.A. de C.V.  (Telcel)
-
Radiomovil Dipsa S.A. de C.V. (Telcel) is a Mexican mobile operator which offers voice services under a variety of rate plans, either prepaid or postpaid. Additionally, the comp...
- Company: Scitum, S.A. de C.V.  (Scitum)
-
Scitum S.A. de C.V. is a Mexican company controlled by Teléfonos de México S.A.B. of C.V. (Telmex) and Grupo Carso S.A.B. of C.V. The firm provides information security within L...
- Company: Teléfonos de México, S.A.B. de C.V.  (Telmex)
-
Telephones of Mexico S.A.B. de C.V. (Telmex) is a provider of telecommunications and information technology, subsidiary of Mexican América Móvil. The company offers connectivity...
- Company: Equipos Especializados en Renta NG S. de R.L. de C.V.  (NG Renta)
-
The description included in this profile was taken directly from an official source and has not been modified or edited by the BNamericas’ researchers. However, it may have been...
- Company: Valores Corporativos Softtek S.A. de C.V.  (Softtek)
-
Valores Corporativos Softtek S.A. de C.V. (Softtek) is a global supplier of information technologies, established in 1982 by the Mexican business woman Blanca Trevino, to offer ...
- Company: Alvarez & Marsal, Sucursal México
- Company: Elara Comunicaciones S.A.P.I. de C.V.  (Elara Comunicaciones)
-
Elara, founded in 2004, offers telecommunications and technology solutions in Mexico and the Latam market. Through its four business units, Elara innovates and creates connectiv...
- Company: Hansam, S.A. de C.V.