Peru stands out in the regulation of AI, but it is still easy white of phishing

MIRA: Insecurity in Peru: how can technology and AI help fight theft and extortion?

It was – and it is still – Phishing attacks, a form of social engineering that seeks to manipulate users to voluntarily deliver sensitive data, such as passwords, card numbers or accounts to accounts. Although the format has evolved – today arrives by mail, text messages, calls or social networks – the objective is the same: impersonate a reliable entity to steal information.

The usual phishing

Today, with the help of tools available to anyone, phishing has even been perfected. Creating more convincing messages, which supplant the identity of third parties and care for the writing style, is very simple.

Sometimes, these malicious emails seek to obtain sensitive information from victims; Other times they include malware, malicious files that can range from the simplest to the most sophisticated. In some cases, these programs infect their victims and allow attackers to have remote access, spy on and steal information, often without being detected.

One of the most prevalent malware types in this context is infostealerdesigned to steal confidential information. In our country, the most detected are Win32/Spy.LummaStealerspecialized in the theft of passwords, cryptocurrencies and cookies; Msil/spy.agentteslaa spy Trojan who records keyboard pulsations and system data; and finally MSIL/Spy.RedLinefocused on extracting credentials and financial data, which is usually hidden from software cracks or fraudulent sites.

How, after so many years, are we still victims of phishing? To Fabiana Ramírezsecurity researcher For Latin America of ESET, what we see is a lack of awareness.

“Technology advances every day, and with it, phishing techniques are perfected: they no longer arrive by email, but also by messages, calls or other forms of social engineering. The problem is that many people do not take the time to learn about these risks or are not so familiar with technology, which makes them more vulnerable. Cybercriminalexplains a Commerce The specialist.

Ramírez also points out that, according to UNICEF reports, children are the most vulnerable to this type of threats.

“On the one hand, because they still do not have the awareness or understanding of digital risks and, on the other, because it is the most time connected to technology, many times without supervision. To this is added that their parents, due to ignorance, do not always know how to handle or control these issues”.

MIRA: Cybercriminals do not need your password: this is the mistake that opens the door to your private information

Violated: nobody saves

Some of the mentioned Malwares take advantage of systems vulnerabilities. No digital system is perfect: they all have weak points and, therefore, are exposed. There may be vulnerabilities that spend a lot of time unnoticed, until a cybercrime discovers that it can exploit them.

The striking thing in the Peruvian case is that many of the most exploited vulnerabilities are old, all already corrected by their respective manufacturers by security patches. However, these updates do not apply in the country with the necessary frequency.

Among the most exploited are:

• CVE-2012-0143 (43%): Critical failure in Windows that allows remote code execution.
• CVE-2017-0199 (16%): Used to compromise equipment through Office files.
• Log4Shell – CVE-2021-44228 (4%): Vulnerability in Apache Log4J that remains exploited in outdated environments.

In this case, it’s not just a lack of awareness.

“It is also a matter of resources. Many applications are payable, and although they do not seem faces in other contexts, for many people in Latin America they represent considerable expense. That leads to the choice not to update or install pirate versions. In addition, in our countries, piracy is so naturalized that it seems common, even if it is illegal. It is socially accepted behavior”Ramírez comments.

“Who did not use Ares to download music years ago? We all knew it was a pirate, but nobody told us about the risks that it implied. And today something similar continues to happen, with the difference that we now have exposed much more sensitive data, such as those of our bank accounts,” he adds.

However, this is not just a reality that affects the common user. Even companies face this panorama. Many began to digitize their information with tools such as Excel 2008, and until today they continue to use them. Because? For fear of change, error, to the learning curve of new systems.

“That fear makes them not update the tools or train their employees, and that opens the door to many vulnerabilities. It is not only about ignorance, but also a lack of technological strategy”.

And neither the State is saved from the constant incursions of the cyberbrains. Government institutions have been the target of repeated attacks. One of the most beaten has been RENIECwhose databases are offered in the black market, exposing information from millions of citizens: names, birth dates, addresses, family, labor data, among others. Many times it is not even cyber attacks, but internal leaks.

MIRA: The ‘sadistic and violent’ gangs’ that are mainly integrated by adolescents

“Every system, however, can be vulnerable. Even if you are protected, you can be the victim of an attack”Ramírez points out.

“It is true that entities such as Reniec have been violated, and is not exclusive to Peru. The root of the problem is the lack of consciousness, but also the lack of investment. In many governments, cybersecurity is not seen as a priority, although the data they handle are extremely sensitive.”

Towards more robust legislation

Not everything, however, are bad news. The country advances in the creation of laws that protect citizens’ data and regulate the development of artificial intelligence.

According to him Government preparation index for AI 2023Peru occupies position 58 worldwide and sixth place in Latin America. This advance is due to various initiatives oriented to technological promotion and regulation.

One of them is the National Artificial Intelligence Strategy (ENIA)an initiative of the Peruvian government for the period 2021-2026 aimed at promoting the research, development and adoption of AI, prioritizing key sectors for national development.

On the other hand, the Law No. 31814promulgated in July 2023, establishes a regulatory framework to promote the use of AI in an ethical, safe and transparent way, with the aim of contributing to the economic and social development of the country.

For its implementation, the Regulation draft Law No. 31814which details the procedures, obligations and security measures necessary to apply the law effectively.

For Ramírez, the law goes in the right direction:

“It is inspired by models of Europe and the United States, which are advanced in these issues. For the current context of Peru, it is an adequate law. Obviously, as technology advances and is implemented more, perhaps adjustments are perhaps needed. But today, it is on the right track.”

One of the great challenges that the legislation addresses is the training of trained professionals:

“Today we use ia in Latin America, but we do not develop it: we buy it. The country’s strategy is focusing on the development of local talent, and that seems fundamental to me”.

Another key aspect is to establish minimal security protocols:

“Until now, a lot has worked on use, but not so much in the safe environment for that use. And that is something that the legislation seeks to change.”.