Fortinet detects 80% fewer attempted cyber attacks in 2023, but they are “more sophisticated and with new variants”

In 2023, Argentina received 2,000 million attempted cyber attacks, according to data from FortiGuard Labs, Fortinet’s threat intelligence and analytics lab. This telemetry comes from the cybersecurity company’s detection systems, such as firewalls and antivirus, and represents an 80% reduction compared to 2022.

However, this number, they warn, is something to watch closely: “Although the figure is lower than the previous year, 2022, when 10 billion attempted cyber attacks were reported, that reduction is not necessarily good news. This is a trend that occurs globally, where fewer massive attacks are observed and a greater volume of unique exploits and new, much more targeted variants of malware and ransomware,” the company explained in a statement shared exclusively with Clarín.

“In short, there are fewer attacks, but they are designed for specific targets, which makes them more sophisticated and more likely to succeed if organizations do not have integrated, automated and updated cybersecurity defenses,” adds the FortiGuard Labs 2023 report.

Companies’ numbers act as a thermometer of an ever-expanding threat landscape, while the attack surface available to attackers keeps widening: phones, smart devices, computers and every device that connects to the Internet today multiply the possibility of users suffering an attack.

However, they should be taken as a trend and not as an absolute: telemetry often says more about the system doing the measuring than about what is measured. This Fortinet trend is consistent with that of other companies in the sector.

Trends and regions

The Latin America and Caribbean region experienced 200 billion attempted attacks in 2023, making up 14.5% of the total reported globally last year. The Latin American countries with the highest cyber attack activity in 2023 were Mexico, Brazil and Colombia.

Among the data from the report to which this outlet has had access are the following points highlighted by the company:

  • Ransomware continued significant activity into 2023. While the volume of detections may have decreased, this trend supports what FortiGuard Labs has observed in recent years: ransomware and other attacks are becoming increasingly specific and targeted, thanks to the increasing sophistication of attacker tactics, techniques and procedures and the desire to increase ROI [return on investment] per attack. This phenomenon highlights the importance of remaining vigilant and strengthening defenses against potential targeted attacks.
  • A notable presence of threats connected to Microsoft Office applications was observed during 2023. While many of these threats already have remediation signatures, the persistence in their detection suggests that attackers continue to find utility in their exploitation, as many organizations’ systems have not been patched or updated. An example of this is FortiGuard Labs’ recent discovery of a phishing campaign distributing a new variant of the Agent Tesla malware. This well-known malware family uses a remote access Trojan and a data stealer to gain initial access. It is often used by cyber criminals to deliver malware as a service (MaaS).
  • Distribution of malware via Microsoft Office files, such as Excel, Word and PowerPoint, accounted for almost 50% of malware detections in 2023. Therefore, the implementation of awareness strategies among workers is recommended, as well as the use of controls such as antispam, antimalware and EDR, among others, which make it possible to detect and effectively mitigate this malicious activity.
  • Prometei, a malware with the ability to remotely control infected machines, saw a notable increase in activity in Latin America during 2023; Panama and Ecuador are the countries with the highest activity detected. Prometei not only has the ability to spread laterally across networks, steal password credentials, and execute arbitrary commands, but it can also download and execute additional malicious components. Furthermore, it has the ability to mine cryptocurrencies and update automatically.
  • As in previous periods, Double Pulsar exploitation continues to top the list as the predominant vulnerability in virtually all Latin American countries, accounting for 75% of all malicious activity detected in the last quarter of 2023. Since this threat was identified long ago and has its own remediation signatures, this phenomenon highlights the critical need to update systems and implement recommendations from cybersecurity vendors.
  • An exponential increase in malicious activity detected in Mexico was observed in the fourth quarter of 2023, recording astonishing growth of 950% compared to the previous year. This phenomenon is primarily related to a notable increase in reconnaissance tactics that actively search for exposed systems that use the SIP protocol for voice calls over the Internet, giving remote attackers the ability to gather sensitive information or even gain access to vulnerable systems.

“In this context, organizations today must be more prepared than ever, including cybersecurity as part of their business strategy. Have a broad platform that converges networking and security, is integrated to reduce operational complexity, and is automated with AI to reduce overhead of IT equipment and be able to monitor, detect and isolate any intrusion attempt before it infiltrates the network and even when it has already done so,” the company concludes.

Argentina in cyber attacks: 2023, a busy year

Luana Volnovich, former head of PAMI, an entity attacked by cybercriminals. Lucia Merle

Argentina has been the protagonist of a series of attacks that have shaken the local cybersecurity landscape, both in the public and private sectors.

Earlier this year, Grupo Albanesi, Argentina’s main natural gas distributor and electricity supplier, received a ransomware attack from LockBit, one of the most prolific cybercriminal groups in the world (which, just over a month ago, suffered a major blow from the authorities). In March, the same group encrypted La Segunda’s information.

In May, Farmalink, an online system that handles prescription management in pharmacies, received a cyber attack that paralyzed normal operations across the country. But undoubtedly one of the most sensational hacks was that of the National Securities Commission, the body that regulates the markets at a local level, which suffered a cyber attack by the Medusa group.

In August, the Rhysida group hacked PAMI, an issue that made headlines across the region and, along with the cyberattack suffered by UBA late last year, was the loudest topic of conversation in the local IT security world.

Fortinet’s numbers provide a more general picture, but specific cases show that the complex threat landscape affects users and entities across Latin America.

Source: Clarin
