Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/3/2013
07:38 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise

Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says Trend Micro report in cooperation with Organization of American States (OAS)

Eastern Europe isn't the only region housing a healthy cybercrime industry: Latin America is quietly becoming a new hotbed of activity, and the cybercriminals there are learning their craft from missteps of their counterparts in other regions.

Cyberattack incidents increased anywhere from 8 to 40 percent last year in Latin America and the Caribbean, depending on the country -- and that's only among nations that reported or knew about the threats hitting them, according to a new report published today by Trend Micro in collaboration with the Organization of American States (OAS).

Getting a handle on the situation in Latin American and the Caribbean is tricky: There is little, if any, cooperation and information-sharing among nations there, and private industry is notoriously loathe to report any incidents they experience.

But data and information gathered from Trend's survey of OAS member states, as well as intelligence from Trend Micro's honeypots and data culled from its customer data, show a burgeoning region of cybercrime and victims. A lack of cybercrime laws, economic challenges, and unpatched and unprotected citizen machines make the region ripe for cybercrime -- and the data only represents a fraction of the cybercrime incidents there since few incidents are even reported or detected, according to Trend's report.

"Latin America is a new, emerging threat region -- if you’re in government, finance, or energy and doing business in Latin America, be prepared to be the target of sophisticated attacks that have seen a dramatic evolution in capability," says Tom Kellermann, vice president of cyber security at Trend Micro.

Attacks on critical infrastructure in the region are on the rise. One large national utility was hit by a series of attacks, as were financial institutions and a major telecommunications provider that briefly disrupted cellular service. According to Trend's own data, the nations in the region have a large percentage of Internet-facing industrial control systems -- with Argentina, Peru, and Columbia leading the list of ICS systems on the Net. Many of these systems aren't password-protected or running patched, up-to-date software, Trend says.

"Attacks on critical infrastructure and especially industrial control systems are on the rise," Kellermann says. "Financial institutions, in particular, are being targeted by sophisticated, unique Trojan attacks."

Traditional crime syndicates in Latin America have carved out their own tools and developed their own cybercrime kits. In December 2012, the Latin-born PiceBOT kit debuted in the region. The kit, which sells for about $140, steals financial information. Crimeware kits are bought and sold on social networks, with Orkut as the most popular venue, as are IRC channels, where stolen financial information is traded. Banking Trojans are popular among the bad guys.

Cybercriminals in the region have learned from the botnet takedowns of 2011 and 2012 that hit Eastern European gangs hard: Rather than using paid and proxy servers, they typically use free hosting services for their malware, command-and-control servers, phishing pages, and other malicious content. They typically favor Dot TK and other free hosting services' free trial services, which provide them with about a week's worth of free hosting until they have to move to another hosting service, so this likely provides them an easy way to hide their tracks, the report says.

"Latin American cybercrime is being perpetrated by traditional criminal syndicates who are no longer relying on Eastern European-developed tools, but instead are crafting their own sophisticated cybercrime tools," Trend's Kellermann says.

Hacktivism is growing there as well, with two Latin American countries reporting attack campaigns protesting legislation on copyright enforcement and tax code reform last year. Hacktivist groups threatened to hammer government network infrastructures unless lawmakers vetoed the legislation, but computer emergency response teams there were able to prepare and deflect much of the attacks from disrupting operations.

Mexico, for instance, experienced a 40 percent increase in hacktivist attacks last year, highlighted by major DDoS, Web defacements, and cross-site scripting and SQL injection attacks during the 2012 presidential campaign.

The most popular malware in Latin America are file infector families, including Sality and Ramnit, as well as Mustan, which came on strong in the third quarter of last year and usurped Sality with more than 2 million infections.

At least two Latin American nations, Chile and Columbia, have seen an improved cybercrime picture. Incidents requiring response and investigation dropped 33 percent last year, and wire fraud incidents, such as phishing and pharming attacks, decreased by 122 percent. Chilean officials attribute that big drop in those types of attacks to the takedown of a large criminal syndicate there responsible for much of that type of malware.

Meanwhile, OAS member nations are trying to instill stronger cooperation and information-sharing to help quell cybercrime and threats. "Overall, OAS Member States have shown unity on cybersecurity issues," the Trend reports says, namely an inter-nation 2004 cybersecurity strategy and most recently, the 2012 "Strengthening Cybersecurity In the Americas" declaration.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JG158
50%
50%
JG158,
User Rank: Apprentice
5/7/2013 | 9:14:46 PM
re: Threat Nuevo: Latin America, Caribbean Cybercrime On The Rise
Colombia, not Columbia.
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9501
PUBLISHED: 2019-10-22
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
CVE-2019-16971
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVE-2019-16972
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16973
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2015-9496
PUBLISHED: 2019-10-22
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.