Cyberattack Trends in Latin America

Latin America is experiencing tremendous growth—unfortunately the growth in question relates to cyberattacks. “If you look at Peru, you see 28 times as much malware in 2012 as in 2011; Mexico about 16 times; Brazil about 12 times; Chile about 10; and Argentina about seven times,” said Andrew Lee, CEO of ESET. These tremendous growth rates are expected to continue in the coming years, Lee noted.

Lee was talking specifically about mobile malware, especially on Android operating systems. The landscape for these types of attacks is broadening at a rapid pace, with more than 1.3 million new Android activations worldwide each day. “If we look at the evolution of Android malware, it’s kind of mirrored the evolution of the mobile platform; it’s gone from being clunky and fairly low in function to very sophisticated and a very high-end function,” he said.

That’s just one aspect of the cyber threatscape analyzed by Lee and other panelists during a panel discussion titled “Emerging Threats and Trends: The Latin American Landscape.” The panel was part of the SegurInfo conference in Washington, D.C. The conference was hosted by the Organization of American States (OAS), which was originally established in 1948 to promote peace and justice in the Americas.

Another panelist was Tom Kellermann, vice president of cybersecurity at Trend Micro, a network security solutions company. He discussed a report that Trend Micro released jointly with OAS called Latin American and Caribbean Cybersecurity Trends and Government Responses.

Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. 

Another finding was that Latin America is experiencing tremendous growth in the area of Web-based attacks, as well as custom attacks against the financial sector and industrial control systems, the latter of which are used in utilities and critical infrastructure. These are being heavily targeted now with hundreds of attacks daily, according to Kellermann.

Also highlighted in the report is the emergence of underground markets for dealing in cybercrime tools and expertise in Latin America. Hackers are “distributing weapons in this community through various blogs and many social networking and social media sites,” according to Kellermann.

“Now there are wholesale arms bazaars that are widely available specific to Latin America that allow you to leverage the latest attack capabilities. For example, for less than $600, you can leverage attacks that can bypass most of the perimeter defenses that are established by most organizations under ISO standards,” Kellermann explains.

Another issue is the lack of sophisticated defenses in place, leaving systems vulnerable to older malware that might not be effective in other countries and regions. “We’ve found, surprisingly, that Configure, an old polymorphic worm, is still very prevalent in the region,” Kellermann said. “This can be due to a lot of reasons, but I think the largest part is going to be the lack of vulnerability management by users, partners, and ecosystems in the region.”

In discussing the mobile threat, Lee cited SMS Trojans as one of the most common cyberattack vectors in Latin America. He specifically noted the existence of Boxer, a variant that has been detected in the region. With this particular SMS Trojan, users unwittingly download malware to their mobile devices by opening a text message that appears to be coming from a known sender. “Then that [mobile device] will start sending SMS on your behalf to a premium malware vendor,” according to Lee. “Ultimately this is a very simple attack. It’s become very prevalent because it works—it works very well—and the attacker makes a lot of money from it.”

Lee explained that Latin America has seen an increase in tailored malware attacks. The hallmark of these types of attacks is that the hackers slightly modify the malicious software over time in order to increase the likelihood of a successful attack. Each version of the malware that the hackers produce is adjusted to provide a more effective attack or to evade detection. “[T]here’s been a lot of work put into the development of those pieces of malware,” Lee attests.

Also on the panel was Kevin Haley, director of product management at Symantec Security Response. He spoke in general about the threat that arises when hackers leverage smaller businesses to get to the intellectual property of larger organizations. This is a trend that is explained in Symantec’s latest annual Internet Security Threat Report.

“If you look by industry at who’s being attacked, the most growth we saw in 2012 was actually manufacturers, and that growth was mainly due to small manufacturers being attacked,” noted Haley. “The bad guys are going after the small manufacturers to learn the secrets that their larger partners are sharing with them.”

As far back as 2004, OAS did establish guidelines for fighting cybercrime in the Latin American region when it adopted the Inter-American Cyber Security Strategy that founded a multidisciplinary approach to cybersecurity. However, as the Trend Micro report on the region pointed out, the guidelines have not made the desired headway. The paper recommends further action. For example, the report urges governments to raise awareness among critical infrastructure operations and government agencies, offer more cyber education, and further institutionalize cybersecurity practices and regulations.

Haley added that any multipronged cybersecurity strategy should include law enforcement and diplomacy.