- The most common attacks in Latin America and the Caribbean are malware infections that generate unwanted ads or redirect users to sites infected with malware
- Trojans and backdoor mechanisms are responsible for fraud attempts in banks and financial services in the region
Fortinet Threat Intelligence Insider Latin America, a report by the security solutions company, revealed increasing malware, exploit and botnet activity in Latin America and the Caribbean for Q4 2019. In the last quarter of the year, the region suffered more than 9 billion attack attempts, bringing the 2019 total to 85 billion. Trojans and backdoor mechanisms represent the main fraud threats in banks and financial services in the region.
According to the report, the most common cyberthreats in Latin America and the Caribbean are:
- malware infections that generate unwanted ads or redirect users to sites infected with malware;
- trojans or backdoors that allow the attacker to take full control of the infected devices;
- viruses or advanced malware infections that exfiltrate information such as passwords and usernames;
- malware that exploits common vulnerabilities to give attackers remote access to infected devices;
- and riskware, the use of free software or software of unrecognized origin that offers regular user features but also enables the possibility of infections.
DoublePulsar and Emotet botnet
DoublePulsar, the backdoor used by the WannaCry ransomware, is still a mechanism for distributing malware in the region. Because it takes advantage of vulnerabilities that have already been resolved, its continued use is evidence of the vast footprint of software without updates in Latin America, affecting companies and individuals alike. DoublePulsar is mainly targeted at banks and financial service companies.
Banking companies are the main target of online criminal attacks in Brazil. According to Fortinet Threat Intelligence Insider Latin America data, most criminals aim to break into banking networks, obtain financial information and steal money from people or companies.
Brazil was the Latin American country that suffered the most from cyberattacks. There were, on average, 65 million per day, totaling 24 billion criminal attempts in 2019 in Brazil alone.
The Emotet botnet (aimed mostly at attacking banks) reappears prominently in the report's detections for the fourth quarter, and Latin America accounts for 45% of this botnet's presence globally. Emotet is also Trojan malware that targets the Windows platform. It contacts command-and-control servers via HTTP or HTTPS requests. A remote attacker can issue commands to the malware to perform different operations. Emotet can download and install additional malware such as ransomware.
Scanning down the list of threats, for the most part, the top five or so threats are consistent across regions around the world – not only in Latin America – which reflects the opportunistic nature of, for instance, scanning for ThinkPHP vulnerabilities across a wide IP range.