Cyber attacks in Argentina grow by 200%: in 2022 there were more than 10 million


Cyber attack detections grew 200% in Argentina over the past year, according to a report by Fortinet, a cyber security company: there were more than 10 million positives in 2022.


Latin America was in the eye of the storm: the region of Latin America and the Caribbean suffered more than 360,000 million attempted cyber attacks in 2022. Mexico received the most attempted attacks (187 billion), followed by Brazil (103,000 million), Colombia (20,000 million) and Peru (15,000 million), according to the FortiGuard Labs Global Threat report for the last half of last year, to which Clarín had access.

Furthermore, the report noted an intensification of wipers, a special type of malicious program (malware) that deletes information. This trend has increased since the Russian invasion of Ukraine.


“Adversaries are adding more reconnaissance techniques and deploying more sophisticated attack alternatives to execute their destructive attempts with advanced and persistent threat methods, such as wiper malware or other advanced attacks,” explains Derek Manky, Head of Threat Analysis and Global Vice President of Laboratory, FortiGuard Labs.

Manky warned of the growth of this type of malware at the Fortinet Xperts Summit last year, attended by Clarín: “Wipers are the greatest danger today: destructive cyber attacks. Ransomware and corporate email account theft (BEC) are common today, but this year we have seen strong growth in this type of program, written to destroy information.”

Fortinet Threat Report 2022. Fortinet photo


“They’ve been around for a long time, but normally in the past they were only used in state-sponsored attacks to destroy information from other nations. A cybercriminal who does ransomware doesn’t destroy the system because he wants to hold the user hostage: he wants to encrypt the data and wants to say ‘Okay, give us the money and we’ll give you your data back’. If you destroy them, you can’t return them,” he had said in conversation with this outlet.

In addition, there was a spike in denial of service attacks in Argentina in October 2022. “These attacks are very famous, as they have become part of extortion techniques, especially by governments. Growth is expected from the large number of activist groups that exist in Latin America,” Arturo Torres, Threat Intelligence Strategist for FortiGuard Labs for Latin America and the Caribbean, explains to Clarín.

The status of ransomware as a service

LockBit, the group with the most attacks in 2022. Source: Kela


FortiGuard Labs Incident Response reports “found that financially motivated cybercrime resulted in the highest volume of incidents (73.9%), with a second place attributed to espionage (13%)”.

In all of 2022, 82% of financially motivated cybercrime “involved the use of ransomware or malicious scripts, demonstrating that the global ransomware threat continues with no evidence of slowing down thanks to the growing popularity of Ransomware as a Service (RaaS) on the dark web: the volume of ransomware has increased by 16% since the first half of 2022.”

Therefore, there is no evidence of a slowdown in ransomware as a service, a type of outsourced cyberattack in which a group of cybercriminals programs the ransomware itself (the “payload”) and a third party deploys it.

In Argentina there were many cases last year, with Artear and Osde at the forefront, but also the Legislature of Buenos Aires, the National Senate and the Córdoba judiciary. This year it was Grupo Albanesi and La Segunda (LockBit).

“Gangs that operate this way put their malicious code up for sale. This usually happens through the dark web: there they sell their encryption program and look for someone to distribute it. The partner or affiliate can be an employee of the attacked company or someone who has purchased the service to deploy it on a victim, because they have privileged access,” Torres explains.

“When ransomware is distributed and a company is infected, the extortion and bargaining begins. That’s when the gang starts interacting. After the negotiation, the profits are shared between the creator of the malicious code, i.e. the cybercriminal group, and its affiliates,” adds the Fortinet expert, explaining how the system works. Bands like LockBit, for example, have been known to give you the winds% economic advantage for its partners.

Reused code and old botnets

DDoS, a type of denial of service cyber attack.  Shutterstock photos


Another point that the report highlights is how cybercriminals recycle the code they devise.

“They are entrepreneurs by nature and seek to maximize existing investment and knowledge to make their attack efforts more effective and profitable. Code reuse is an efficient and profitable way in which criminals build on successful findings and make iterative changes to perfect their attacks and overcome defensive obstacles,” they explain from the lab.

“When FortiGuard Labs analyzed the top malware for the second half of 2022, most of the top spots were held by malware older than a year. Cybercriminals not only automate threats, but actively update the code to make them even more effective,” they conclude.

In fact, the latest code from the LockBit gang of cybercriminals (known as LockBit Green) reuses part of the code of the now extinct group Conti.

Another interesting point has to do with the botnets used to mount various attacks: the researchers found that old infrastructure is still effective.

“When you look at botnet threats by prevalence, many aren’t new. These ‘old’ botnets are still ubiquitous for a reason: they are still very effective,” the report details.

In particular, they found that these botnets are prevalent in attacks against the telecommunications sector and the manufacturing sector, known for its pervasive operational technology (OT). “Criminals are making a concerted effort to target these industries in ways they are already familiar with,” they warn.

These industrial technology environments are tremendously vulnerable, because the vast majority are far behind in terms of information security parameters. Log4j, the application that suffered a critical vulnerability in 2021, is still exploited on systems that do not have security updates.

Phishing

Password theft is usually the most common form of intrusion.  Photo: Shutterstock


Finally, it is important to remember that, in a high percentage of cases, the entry vector for breaking into systems is deception through phishing.

“The first thing to understand is that awareness is key. Cybercriminals take advantage of the fact that we all use digital platforms, from work to video games, where our credit cards are, for example,” warns Torres.

Also remember that there are three best practices that should be incorporated: don’t open suspicious emails; have strong passwords or, better yet, use a password manager; and always check that you have a second authentication factor enabled.

Source: Clarin
