Cybercrime booming in Latin America and Caribbean, Trend Micro finds

Region has become easy target

Internet criminals have opened a new front in Latin America and the Caribbean and seem to have founded booming businesses thanks to low levels of cybercrime protection and awareness, a rare but timely analysis of the region by Trend Micro has found.

After gathering data from 20 out of 32 Organization of American States (OAS) and its own honeypots, Trend concludes that cybercrime is on the rise, not a surprise perhaps given that this is a global phenomenon, but worth paying attention to for any firm doing business in these countries.

Overall, incidents increased in OAS countries by between eight and forty percent in every category of threat in 2011-2012, with hacktivism, attacks on online banks, and infrastructure probes particular standouts.

More interesting than the percentages alone, however, were the inferences Trend was able to make about underlying cybersecurity based on the types of attack that were reported.

Conventional file infector malware was a major issue in the region, which Trend takes to suggest that patching is poor, operating systems run in insecure states and indicative of a general complacency among consumers about the risks of poor software behaviour.

Native organised crime (as opposed to Eastern European gangs) also seem to booting up quite successfully, tailoring attack methods to the particular weaknesses found in different countries. This includes gangs that develop their own crimeware kits, with 2012's 'PiceBot' a good example of banking malware that heralds a new level of sophistication for homegrown malware.

Protection for Industrial Control Systems (ICS) is also a worry with many Internet-facing systems open to attack; Trend itself recorded 39 attacks on infrastructure systems in the geography in a single month during 2012, 12 of which it classified as automated, repeated and targeted.

Perhaps the biggest weakness of all is simply the desperately uneven response of governments in the region. Money, expertise, and a lack of cyber-awareness remains an issue although Trend did find that many countries were now being positively galvanised by the emerging global culture in government cyber-defence.

"On the whole, political leaders are aware of the dangers of cybercrime and hacking but efforts are often restricted by the lack of resources dedicated to building cybersecurity capacity and shortage of specialized knowledge and expertise to implement technical policies," said Trend's researchers.

As might be expected, the report uncovered widespread differences in the way incidents are recorded, categorised and a lack of any agreed framework for understand their severity. These same issues affect cyber-crime analysis the world over. Under-reporting is as big an issue as it is everywhere else.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about OASTrend Micro Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts