The Limited Times


Cyberattacks in Argentina grow by 200%: there were more than 10 million in 2022

2023-03-02T15:46:53.321Z


Fortinet announced worrisome results for the region. 50% more wipers, viruses that delete data.


Detections of cyberattacks grew by 200% in Argentina in the last year, according to a report by Fortinet, a computer security company: there were more than 10 million positives in 2022.

Latin America was in the eye of the storm: the Latin American and Caribbean region suffered more than 360 billion attempted cyberattacks in 2022.

Mexico received the most attempted attacks (187 billion), followed by Brazil (103 billion), Colombia (20,000 million) and Peru (15,000 million), according to the FortiGuard Labs Global Threats report for the second half of last year, to which Clarín had access.

In addition, the report detected an intensification of wipers, a particular type of malicious program (malware) that deletes information.

This trend increased after Russia's invasion of Ukraine.

“Adversaries are adding more reconnaissance techniques and deploying more sophisticated attack alternatives to perform destructive intents with advanced and persistent threat methods such as wiper malware or other evolved attacks,” said Derek Manky, head of threat analysis and global vice president at FortiGuard Labs.

Last year at the Fortinet Xperts Summit, attended by Clarín, Manky warned of the growth of this type of virus: “Wipers constitute the greatest danger today: destructive cyberattacks. Ransomware and theft of corporate email accounts (BEC) are common today, but this year we detected a strong growth of this type of program written to destroy information.”


“They have been around for a long time, but typically in the past they were only used in state-sponsored attacks to destroy information from other nations. A cybercriminal who makes ransomware doesn't destroy the system because he wants to hold the user hostage: he wants to encrypt the data and he wants to say 'Okay, give us the money and we'll give you your data back'. If you destroy them, you cannot return them,” he said in conversation with this outlet.

Furthermore, in October 2022 there was a peak of denial of service attacks in Argentina.

“These attacks are very famous, since they have become part of the techniques to carry out extortion, especially from governments. The growth is expected because of the large number of activist groups that exist in Latin America,” Arturo Torres, threat intelligence strategist at FortiGuard Labs for Latin America and the Caribbean, explained to Clarín.

The State of Ransomware as a Service

LockBit, the group with the most attacks in 2022. Source: Kela

FortiGuard Labs Incident Response reports “found that financially motivated cybercrime resulted in the highest volume of incidents (73.9%), with espionage a close second (13%).”

In all of 2022, 82% of financially motivated cybercrime “involved the use of ransomware or malicious scripts, proving that the global threat of ransomware remains in place with no evidence of slowing down thanks to the growing popularity of Ransomware-as-a-Service (RaaS) on the dark web: Ransomware volume increased 16% since the first half of 2022.”

Thus, there is no evidence of a slowdown in ransomware as a service, an outsourced type of cyberattack in which one group of cybercriminals programs the ransomware itself (the “payload”) and a third party deploys it.

In Argentina there were many cases last year, with Artear and Osde at the forefront, but also the Buenos Aires Legislature, the National Senate and the Justice of Córdoba.

This year Grupo Albanesi and La Segunda (LockBit) have already fallen.

“The gangs that have this modality put their malicious code up for sale. This is generally through the dark web: there they sell their encryption program and look for someone to deploy it. The partner or affiliate can be an employee of the attacked company, or someone who bought the service to deposit it with a victim, because they have privileged access,” Torres describes.

“When ransomware is deployed and a company is infected, extortion and negotiation start. That's when the gang starts to interact. After negotiating, the profits are shared between the creator of the malicious code, that is, the cybercriminal group, and their affiliates,” adds the Fortinet expert, explaining how the system works. Gangs like LockBit, for example, are known for giving 20% of the economic benefit to their partners.

Reused code and old botnets


Another point that the report highlights is how readily cybercriminals recycle the code they have written.

“They are entrepreneurs by nature and seek to maximize existing investments and knowledge to make their attack efforts more effective and profitable – code reuse is an efficient and lucrative way where criminals build on successful results and make iterative changes to fine-tune their attacks and overcome defensive obstacles,” the laboratory explains.

“When FortiGuard Labs analyzed the most prevalent malware for the second half of 2022, most of the top spots were held by malware older than a year. Cybercriminals not only automate threats, but actively update the code to make them even more effective,” they conclude.

In fact, the latest code from the LockBit cybercriminal gang (known as LockBit Green) reuses part of the code from the now extinct Conti group.

Another interesting point has to do with the botnets used to carry out various attacks: the researchers found detections of old infrastructure that is still effective.

“When examining botnet threats by prevalence, many are not new. These 'old' botnets are still ubiquitous for a reason – they are still very effective,” the report details.

In particular, they found that they are prevalent in attacks against the telecommunications sector and the manufacturing sector, which is known for its pervasive operational technology (OT).

"Criminals are making a concerted effort to target these industries with methods already used," they warn.

These industrial technology structures are tremendously vulnerable, because the vast majority are far behind in terms of information security parameters.

Log4j, the application that suffered a critical vulnerability in 2021, is still being exploited on systems that do not have security updates.

Phishing

Password theft is usually the most common form of intrusion.


Lastly, it is important to remember that, in a high percentage of cases, the entry vector for hacking systems is deception through phishing.

“The first thing to understand is that awareness is key.

Cybercriminals take advantage of the fact that we all use digital platforms, from work to video games, where our credit cards are, for example,” warns Torres.

Also remember that there are three good practices that should be incorporated: not opening suspicious emails, having strong passwords (or, better yet, using a password manager) and always making sure a second authentication factor is enabled.

SL


Source: clarin
