5/3/2013
07:38 AM

Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise

Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says Trend Micro report in cooperation with Organization of American States (OAS)

Eastern Europe isn't the only region housing a healthy cybercrime industry: Latin America is quietly becoming a new hotbed of activity, and the cybercriminals there are learning their craft from missteps of their counterparts in other regions.

Cyberattack incidents increased anywhere from 8 to 40 percent last year in Latin America and the Caribbean, depending on the country -- and that's only among nations that reported or knew about the threats hitting them, according to a new report published today by Trend Micro in collaboration with the Organization of American States (OAS).

Getting a handle on the situation in Latin America and the Caribbean is tricky: There is little, if any, cooperation and information-sharing among nations there, and private industry is notoriously loath to report any incidents it experiences.

But data and information gathered from Trend's survey of OAS member states, as well as intelligence from Trend Micro's honeypots and data culled from its customer data, show a burgeoning region of cybercrime and victims. A lack of cybercrime laws, economic challenges, and unpatched and unprotected citizen machines make the region ripe for cybercrime -- and the data only represents a fraction of the cybercrime incidents there since few incidents are even reported or detected, according to Trend's report.

"Latin America is a new, emerging threat region -- if you’re in government, finance, or energy and doing business in Latin America, be prepared to be the target of sophisticated attacks that have seen a dramatic evolution in capability," says Tom Kellermann, vice president of cyber security at Trend Micro.

Attacks on critical infrastructure in the region are on the rise. One large national utility was hit by a series of attacks, as were financial institutions and a major telecommunications provider that briefly disrupted cellular service. According to Trend's own data, the nations in the region have a large percentage of Internet-facing industrial control systems -- with Argentina, Peru, and Colombia leading the list of ICS systems on the Net. Many of these systems aren't password-protected or running patched, up-to-date software, Trend says.

"Attacks on critical infrastructure and especially industrial control systems are on the rise," Kellermann says. "Financial institutions, in particular, are being targeted by sophisticated, unique Trojan attacks."

Traditional crime syndicates in Latin America have carved out their own tools and developed their own cybercrime kits. In December 2012, the Latin-born PiceBOT kit debuted in the region. The kit, which sells for about $140, steals financial information. Crimeware kits are bought and sold on social networks, with Orkut as the most popular venue, as are IRC channels, where stolen financial information is traded. Banking Trojans are popular among the bad guys.

Cybercriminals in the region have learned from the botnet takedowns of 2011 and 2012 that hit Eastern European gangs hard: Rather than using paid and proxy servers, they typically use free hosting services for their malware, command-and-control servers, phishing pages, and other malicious content. They typically favor Dot TK and other free hosting services' free trial offers, which provide them with about a week's worth of free hosting until they have to move to another hosting service. This likely provides them an easy way to hide their tracks, the report says.

"Latin American cybercrime is being perpetrated by traditional criminal syndicates who are no longer relying on Eastern European-developed tools, but instead are crafting their own sophisticated cybercrime tools," Trend's Kellermann says.

Hacktivism is growing there as well, with two Latin American countries reporting attack campaigns protesting legislation on copyright enforcement and tax code reform last year. Hacktivist groups threatened to hammer government network infrastructures unless lawmakers vetoed the legislation, but computer emergency response teams there were able to prepare and keep many of the attacks from disrupting operations.

Mexico, for instance, experienced a 40 percent increase in hacktivist attacks last year, highlighted by major DDoS, Web defacements, and cross-site scripting and SQL injection attacks during the 2012 presidential campaign.

The most popular malware in Latin America are file infector families, including Sality and Ramnit, as well as Mustan, which came on strong in the third quarter of last year and usurped Sality with more than 2 million infections.

At least two Latin American nations, Chile and Colombia, have seen an improved cybercrime picture. Incidents requiring response and investigation dropped 33 percent last year, and wire fraud incidents, such as phishing and pharming attacks, decreased by 122 percent. Chilean officials attribute that big drop in those types of attacks to the takedown of a large criminal syndicate there responsible for much of that type of malware.

Meanwhile, OAS member nations are trying to instill stronger cooperation and information-sharing to help quell cybercrime and threats. "Overall, OAS Member States have shown unity on cybersecurity issues," the Trend report says, namely an inter-nation 2004 cybersecurity strategy and most recently, the 2012 "Strengthening Cybersecurity In the Americas" declaration.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
JG158,
User Rank: Apprentice
5/7/2013 | 9:14:46 PM
re: Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise
Colombia, not Columbia.