Cybercriminals in the region have built their own tools and learned from their predecessors in other regions, says Trend Micro report in cooperation with Organization of American States (OAS)

Dark Reading Staff, Dark Reading

May 3, 2013

4 Min Read

Eastern Europe isn't the only region housing a healthy cybercrime industry: Latin America is quietly becoming a new hotbed of activity, and the cybercriminals there are learning their craft from missteps of their counterparts in other regions.

Cyberattack incidents increased anywhere from 8 to 40 percent last year in Latin America and the Caribbean, depending on the country -- and that's only among nations that reported or knew about the threats hitting them, according to a new report published today by Trend Micro in collaboration with the Organization of American States (OAS).

Getting a handle on the situation in Latin American and the Caribbean is tricky: There is little, if any, cooperation and information-sharing among nations there, and private industry is notoriously loathe to report any incidents they experience.

But data and information gathered from Trend's survey of OAS member states, as well as intelligence from Trend Micro's honeypots and data culled from its customer data, show a burgeoning region of cybercrime and victims. A lack of cybercrime laws, economic challenges, and unpatched and unprotected citizen machines make the region ripe for cybercrime -- and the data only represents a fraction of the cybercrime incidents there since few incidents are even reported or detected, according to Trend's report.

"Latin America is a new, emerging threat region -- if you’re in government, finance, or energy and doing business in Latin America, be prepared to be the target of sophisticated attacks that have seen a dramatic evolution in capability," says Tom Kellermann, vice president of cyber security at Trend Micro.

Attacks on critical infrastructure in the region are on the rise. One large national utility was hit by a series of attacks, as were financial institutions and a major telecommunications provider that briefly disrupted cellular service. According to Trend's own data, the nations in the region have a large percentage of Internet-facing industrial control systems -- with Argentina, Peru, and Columbia leading the list of ICS systems on the Net. Many of these systems aren't password-protected or running patched, up-to-date software, Trend says.

"Attacks on critical infrastructure and especially industrial control systems are on the rise," Kellermann says. "Financial institutions, in particular, are being targeted by sophisticated, unique Trojan attacks."

Traditional crime syndicates in Latin America have carved out their own tools and developed their own cybercrime kits. In December 2012, the Latin-born PiceBOT kit debuted in the region. The kit, which sells for about $140, steals financial information. Crimeware kits are bought and sold on social networks, with Orkut as the most popular venue, as are IRC channels, where stolen financial information is traded. Banking Trojans are popular among the bad guys.

Cybercriminals in the region have learned from the botnet takedowns of 2011 and 2012 that hit Eastern European gangs hard: Rather than using paid and proxy servers, they typically use free hosting services for their malware, command-and-control servers, phishing pages, and other malicious content. They typically favor Dot TK and other free hosting services' free trial services, which provide them with about a week's worth of free hosting until they have to move to another hosting service, so this likely provides them an easy way to hide their tracks, the report says.

"Latin American cybercrime is being perpetrated by traditional criminal syndicates who are no longer relying on Eastern European-developed tools, but instead are crafting their own sophisticated cybercrime tools," Trend's Kellermann says.

Hacktivism is growing there as well, with two Latin American countries reporting attack campaigns protesting legislation on copyright enforcement and tax code reform last year. Hacktivist groups threatened to hammer government network infrastructures unless lawmakers vetoed the legislation, but computer emergency response teams there were able to prepare and deflect much of the attacks from disrupting operations.

Mexico, for instance, experienced a 40 percent increase in hacktivist attacks last year, highlighted by major DDoS, Web defacements, and cross-site scripting and SQL injection attacks during the 2012 presidential campaign.

The most popular malware in Latin America are file infector families, including Sality and Ramnit, as well as Mustan, which came on strong in the third quarter of last year and usurped Sality with more than 2 million infections.

At least two Latin American nations, Chile and Columbia, have seen an improved cybercrime picture. Incidents requiring response and investigation dropped 33 percent last year, and wire fraud incidents, such as phishing and pharming attacks, decreased by 122 percent. Chilean officials attribute that big drop in those types of attacks to the takedown of a large criminal syndicate there responsible for much of that type of malware.

Meanwhile, OAS member nations are trying to instill stronger cooperation and information-sharing to help quell cybercrime and threats. "Overall, OAS Member States have shown unity on cybersecurity issues," the Trend reports says, namely an inter-nation 2004 cybersecurity strategy and most recently, the 2012 "Strengthening Cybersecurity In the Americas" declaration.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights