5/3/2013
07:38 AM

Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise

Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says Trend Micro report in cooperation with Organization of American States (OAS)

Eastern Europe isn't the only region housing a healthy cybercrime industry: Latin America is quietly becoming a new hotbed of activity, and the cybercriminals there are learning their craft from missteps of their counterparts in other regions.

Cyberattack incidents increased anywhere from 8 to 40 percent last year in Latin America and the Caribbean, depending on the country -- and that's only among nations that reported or knew about the threats hitting them, according to a new report published today by Trend Micro in collaboration with the Organization of American States (OAS).

Getting a handle on the situation in Latin America and the Caribbean is tricky: There is little, if any, cooperation and information-sharing among nations there, and private industry is notoriously loath to report any incidents it experiences.

But data and information gathered from Trend's survey of OAS member states, as well as intelligence from Trend Micro's honeypots and data culled from its customer data, show a burgeoning region of cybercrime and victims. A lack of cybercrime laws, economic challenges, and unpatched and unprotected citizen machines make the region ripe for cybercrime -- and the data only represents a fraction of the cybercrime incidents there since few incidents are even reported or detected, according to Trend's report.

"Latin America is a new, emerging threat region -- if you’re in government, finance, or energy and doing business in Latin America, be prepared to be the target of sophisticated attacks that have seen a dramatic evolution in capability," says Tom Kellermann, vice president of cyber security at Trend Micro.

Attacks on critical infrastructure in the region are on the rise. One large national utility was hit by a series of attacks, as were financial institutions and a major telecommunications provider that briefly disrupted cellular service. According to Trend's own data, the nations in the region have a large percentage of Internet-facing industrial control systems -- with Argentina, Peru, and Colombia leading the list of ICS systems on the Net. Many of these systems aren't password-protected or running patched, up-to-date software, Trend says.

"Attacks on critical infrastructure and especially industrial control systems are on the rise," Kellermann says. "Financial institutions, in particular, are being targeted by sophisticated, unique Trojan attacks."

Traditional crime syndicates in Latin America have carved out their own tools and developed their own cybercrime kits. In December 2012, the Latin-born PiceBOT kit debuted in the region. The kit, which sells for about $140, steals financial information. Crimeware kits are bought and sold on social networks, with Orkut as the most popular venue, as well as on IRC channels, where stolen financial information is traded. Banking Trojans are popular among the bad guys.

Cybercriminals in the region have learned from the botnet takedowns of 2011 and 2012 that hit Eastern European gangs hard: Rather than using paid and proxy servers, they typically use free hosting services for their malware, command-and-control servers, phishing pages, and other malicious content. They typically favor Dot TK and the free trial offers of other hosting services, which provide them with about a week's worth of free hosting until they have to move to another hosting service. This likely provides them an easy way to hide their tracks, the report says.

"Latin American cybercrime is being perpetrated by traditional criminal syndicates who are no longer relying on Eastern European-developed tools, but instead are crafting their own sophisticated cybercrime tools," Trend's Kellermann says.

Hacktivism is growing there as well, with two Latin American countries reporting attack campaigns protesting legislation on copyright enforcement and tax code reform last year. Hacktivist groups threatened to hammer government network infrastructures unless lawmakers vetoed the legislation, but computer emergency response teams there were able to prepare and prevent many of the attacks from disrupting operations.

Mexico, for instance, experienced a 40 percent increase in hacktivist attacks last year, highlighted by major DDoS, Web defacements, and cross-site scripting and SQL injection attacks during the 2012 presidential campaign.

The most popular malware in Latin America are file infector families, including Sality and Ramnit, as well as Mustan, which came on strong in the third quarter of last year and usurped Sality with more than 2 million infections.

At least two Latin American nations, Chile and Colombia, have seen an improved cybercrime picture. Incidents requiring response and investigation dropped 33 percent last year, and wire fraud incidents, such as phishing and pharming attacks, decreased by 122 percent. Chilean officials attribute that big drop in those types of attacks to the takedown of a large criminal syndicate there responsible for much of that type of malware.

Meanwhile, OAS member nations are trying to instill stronger cooperation and information-sharing to help quell cybercrime and threats. "Overall, OAS Member States have shown unity on cybersecurity issues," the Trend report says, namely an inter-nation 2004 cybersecurity strategy and, most recently, the 2012 "Strengthening Cybersecurity In the Americas" declaration.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
JG158,
User Rank: Apprentice
5/7/2013 | 9:14:46 PM
re: Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise
Colombia, not Columbia.