80% fewer cyberattack attempts detected in 2023, but “more sophisticated and with new variants”

Argentina received 2,000 million cyberattack attempts in 2023, according to data from FortiGuard Labs, Fortinet’s threat intelligence and analysis laboratory. The figure comes from the telemetry of the cybersecurity company's detection systems, such as firewalls and antivirus, and represents a reduction of 80% compared to 2022.

However, this number, they warn, is something to look at closely: “Although the figure is lower than the previous year, 2022, when 10 billion attempted cyberattacks were reported, that reduction is not necessarily good news. This is a trend that is verified globally, where fewer massive attacks are observed and a higher volume of unique exploits and new variants of malware and ransomware that are much more targeted,” the company explained in a statement it shared exclusively with Clarion.

“In short, there are fewer attacks, but they are designed for specific objectives, which makes them more sophisticated and with a greater chance of success if organizations do not have cybersecurity defenses integrated, automated and updated,” adds the 2023 FortiGuard Labs Report.

The company's numbers act as a thermometer of a threat landscape that is constantly expanding, while the attack surface that attackers take advantage of keeps growing: phones, smart devices, computers and every device that connects to the internet today, multiplying the possibility of an attack on users.

However, they should be taken as a trend and not as absolute values: telemetry often says more about the system doing the measuring than about what is measured. This Fortinet trend is consistent with that of other companies in the industry.

Trends and regions

The Latin America and Caribbean region suffered 200 billion attempted attacks in 2023, which constitutes 14.5% of the total reported globally last year. The Latin American countries with the highest cyberattack activity in 2023 were Mexico, Brazil and Colombia.

Among the data from the report, which this outlet was able to access, are the following points highlighted by the company:

  • Ransomware continued significant activity in 2023. While detections may have decreased in volume, this trend supports what FortiGuard Labs has seen in recent years: ransomware and other attacks are becoming more specific and targeted thanks to increasing sophistication in attacker tactics, techniques and procedures and the desire to increase ROI [return on investment] per attack. This phenomenon underscores the importance of remaining vigilant and strengthening defenses against potential targeted attacks.
  • During 2023, a notable presence of threats linked to Microsoft Office applications was observed. Although many of these threats already have their remediation signatures, the persistence in their detection suggests that attackers continue to find utility in their exploitation, since the systems of many organizations have not been patched or updated. An example of this is FortiGuard Labs’ recent discovery of a phishing campaign distributing a new variant of Agent Tesla malware. This well-known malware family uses a remote access trojan and data stealer to gain initial access. It is often used by cybercriminals to offer malware as a service (MaaS).
  • Malware distribution via Microsoft Office files, such as Excel, Word and PowerPoint, represented almost 50% of malware detections in 2023. Therefore, the implementation of awareness strategies among workers is recommended, as well as the use of controls such as antispam, antimalware and EDR, among others, that allow this malicious activity to be detected and mitigated effectively.
  • Prometei, a malware with the ability to remotely control infected machines, saw a notable increase in activity in Latin America during 2023; Panama and Ecuador are the countries with the highest activity detected. Not only does Prometei have the ability to spread laterally across networks, steal password credentials, and execute arbitrary commands, but it can also download and execute additional malicious components. In addition, it has the capacity to mine cryptocurrencies and update automatically.
  • As in previous periods, Double Pulsar exploitation continues to top the list as the predominant vulnerability in practically all Latin American countries, representing 75% of all malicious activity detected in the last quarter of 2023. Since this threat was identified long ago and has its remediation signatures, this phenomenon highlights the critical need to update systems and implement the recommendations of cybersecurity vendors.
  • An exponential increase in malicious activities detected in Mexico was observed during the fourth quarter of 2023, with surprising growth of 950% compared to the previous year. This phenomenon is primarily linked to a notable increase in reconnaissance tactics that actively search for exposed systems that use the SIP protocol for voice over Internet calls, giving remote attackers the ability to collect sensitive information or even gain access to vulnerable systems.

“In this context, organizations must be more prepared than ever today, including cybersecurity as part of their business strategy. Have a broad platform that converges networks and security, is integrated to reduce the complexity of operations and is automated with AI to reduce the burden of IT equipment and be able to monitor, detect and isolate any intrusion attempt before it infiltrates the network and even when it has already done so,” the company closes.

Cyberattacks in Argentina: 2023, a busy year

Luana Volnovich, former head of PAMI, an entity attacked by cybercriminals. Lucia Merle

Argentina was the scene of a series of attacks that shook the local cybersecurity community, in both the public and private spheres.

At the beginning of the year, Grupo Albanesi, Argentina’s main natural gas marketer and electricity supply provider, received a ransomware attack from LockBit, one of the most prolific cybercriminal groups in the world (which, just over a month ago, suffered a severe blow from the authorities). In March, the same group encrypted information from La Segunda.

In May, Farmalink, an online system that handles prescription management in pharmacies, received a cyber attack that paralyzed normal operations throughout the country. But without a doubt one of the most resonant hacks was that of the National Securities Commission, the entity that regulates markets at the local level, which suffered a cyber attack by the Medusa group.

In August, the Rhysida group hacked PAMI, an incident that made headlines throughout the region and, along with the cyber attack that the UBA received at the end of last year, was the loudest topic of conversation in the local cybersecurity world.

Fortinet’s numbers provide a more general picture, but specific cases show that the complex threat landscape affects users and entities throughout Latin America.

By Editor
