Positive Technologies: government institutions in Latin America are under ransomware attack

Positive Technologies analyzed the state of cybersecurity in Latin American countries in 2022–2023. According to the study, Mexico, Brazil, and Argentina account for the majority of incidents. A particularity of ransomware attacks in the region is that they mostly target government institutions. In attacks on individuals, malware is used more frequently than in any other region worldwide.

Mexico, Brazil, and Argentina accounted for 44% of the attacks, which coincides with global statistics stating that these countries are the most attacked in the region.

The majority of successful attacks on organizations in 2022–2023 targeted government agencies (31%), industrial enterprises (11%), financial institutions (9%), and retail companies (9%). In 61% of cases, attacks on organizations led to confidential information leaks.

The most serious cyberthreat to organizations and states in the region is ransomware attacks.

Ekaterina Kilyusheva, Lead Expert of Information Security Analytics Research at Positive Technologies: "More than half of all successful attacks (52%) led to the disruption of company operations, that is, suspension of business processes or loss of access to infrastructure or data. This figure is higher than the global average, due to the activities of ransomware operators. Such attacks in this region often target government structures: the percentage of affected government agencies (31%) is 2.2 times higher than the global average for the same period."

On shadow forums, criminals actively trade and exchange stolen data, hacking services, and access to the networks of Latin American organizations. In more than half of the listings (53%) specifying a particular country in the region, either Brazil, Argentina, or Mexico is named. Most commonly sold on the dark web is access to the networks of financial institutions, government agencies, IT companies, industrial enterprises, and service organizations.

The high levels of mobile Internet penetration, mobile device use, and electronic payments in the region have led to an increase in attacks on citizens' mobile devices. In attacks on individuals, malware is used more frequently than in any other region worldwide: 78% of attacks involve malware, primarily spyware (40%) and banking trojans (32%). Given the public's poor information security awareness, individuals can easily fall victim to attacks.

Latin American states need to strengthen regional cooperation in combating cybercrime and harmonize their cybersecurity legislation, making use of the accumulated experience and best practices of developed countries. Recommendations include developing national cybersecurity strategies, improving liaison between organizations and national cyberincident response centers, supporting cybersecurity training programs, and promoting international ties and data exchange. Recommendations for improving the cyber resilience of organizations include defining non-tolerable events and protecting critical assets, monitoring and responding to cyberthreats with advanced security tools, evaluating the efficacy of implemented measures, and training employees.