5/3/2013
07:38 AM

Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise

Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says a Trend Micro report produced in cooperation with the Organization of American States (OAS)

Eastern Europe isn't the only region housing a healthy cybercrime industry: Latin America is quietly becoming a new hotbed of activity, and the cybercriminals there are learning their craft from the missteps of their counterparts in other regions.

Cyberattack incidents increased anywhere from 8 to 40 percent last year in Latin America and the Caribbean, depending on the country -- and that's only among nations that reported or knew about the threats hitting them, according to a new report published today by Trend Micro in collaboration with the Organization of American States (OAS).

Getting a handle on the situation in Latin America and the Caribbean is tricky: There is little, if any, cooperation and information-sharing among nations there, and private industry is notoriously loath to report any incidents it experiences.

But data and information gathered from Trend's survey of OAS member states, along with intelligence from Trend Micro's honeypots and data culled from its customers, show a burgeoning region of cybercrime and victims. A lack of cybercrime laws, economic challenges, and unpatched and unprotected citizen machines make the region ripe for cybercrime -- and the data represents only a fraction of the cybercrime incidents there, since few incidents are even reported or detected, according to Trend's report.

"Latin America is a new, emerging threat region -- if you’re in government, finance, or energy and doing business in Latin America, be prepared to be the target of sophisticated attacks that have seen a dramatic evolution in capability," says Tom Kellermann, vice president of cyber security at Trend Micro.

Attacks on critical infrastructure in the region are on the rise. One large national utility was hit by a series of attacks, as were financial institutions and a major telecommunications provider, whose cellular service was briefly disrupted. According to Trend's own data, the nations in the region have a large percentage of Internet-facing industrial control systems -- with Argentina, Peru, and Colombia leading the list of ICS on the Net. Many of these systems aren't password-protected or running patched, up-to-date software, Trend says.

"Attacks on critical infrastructure and especially industrial control systems are on the rise," Kellermann says. "Financial institutions, in particular, are being targeted by sophisticated, unique Trojan attacks."

Traditional crime syndicates in Latin America have carved out their own tools and developed their own cybercrime kits. In December 2012, the Latin-born PiceBOT kit debuted in the region. The kit, which sells for about $140, steals financial information. Crimeware kits are bought and sold on social networks, with Orkut as the most popular venue, as well as on IRC channels, where stolen financial information is traded. Banking Trojans are popular among the bad guys.

Cybercriminals in the region have learned from the botnet takedowns of 2011 and 2012 that hit Eastern European gangs hard: Rather than using paid and proxy servers, they typically use free hosting services for their malware, command-and-control servers, phishing pages, and other malicious content. They typically favor the free trial offers of Dot TK and other free hosting services, which give them about a week's worth of free hosting before they have to move to another hosting service. This likely provides them an easy way to hide their tracks, the report says.

"Latin American cybercrime is being perpetrated by traditional criminal syndicates who are no longer relying on Eastern European-developed tools, but instead are crafting their own sophisticated cybercrime tools," Trend's Kellermann says.

Hacktivism is growing there as well, with two Latin American countries reporting attack campaigns last year protesting legislation on copyright enforcement and tax code reform. Hacktivist groups threatened to hammer government network infrastructures unless lawmakers vetoed the legislation, but computer emergency response teams there were able to prepare for and deflect many of the attacks, keeping them from disrupting operations.

Mexico, for instance, experienced a 40 percent increase in hacktivist attacks last year, highlighted by major DDoS attacks, Web defacements, and cross-site scripting and SQL injection attacks during the 2012 presidential campaign.

The most popular malware families in Latin America are file infectors, including Sality and Ramnit, as well as Mustan, which came on strong in the third quarter of last year and usurped Sality with more than 2 million infections.

At least two Latin American nations, Chile and Colombia, have seen an improved cybercrime picture. Incidents requiring response and investigation dropped 33 percent last year, and wire fraud incidents, such as phishing and pharming attacks, decreased by 122 percent. Chilean officials attribute the big drop in those types of attacks to the takedown of a large criminal syndicate there responsible for much of that type of malware.

Meanwhile, OAS member nations are trying to instill stronger cooperation and information-sharing to help quell cybercrime and threats. "Overall, OAS Member States have shown unity on cybersecurity issues," the Trend report says, pointing to a 2004 inter-nation cybersecurity strategy and, most recently, the 2012 "Strengthening Cybersecurity In the Americas" declaration.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
JG158, 5/7/2013 | 9:14:46 PM
Colombia, not Columbia.