Cybersecurity Trends in Latin America and the Caribbean
According to a report presented by LACNIC WARP during the webinar “Cybersecurity Trends in Our Region,” organized by the Internet Address Registry for Latin America and the Caribbean, cybercrime pockets between 15 and 20 percent of the economic value generated each year by the Internet, thanks to cybercriminals’ growing degree of specialization, a lack of adequate responses, and existing legal vacuums.
The reason why cybercriminals are able to get away with their multi-million dollar spoils is that they have focused on perpetrating organized attacks targeting the places where there is money online, said Graciela Martínez, head of LACNIC’s computer security incident response team for the LACNIC community (LACNIC WARP).
While phishing continues to lead the cyberthreat ranking in Latin America and the Caribbean, representing 60% of recorded attacks, there has been a significant increase in the use of malware (18.9%) and redirects (16.35%), according to reports submitted to WARP by the LACNIC community.
“Crime has moved online. Cybercriminals can now make money from the comfort of their homes,” noted Martínez during the conference.
Ransomware attacks, i.e. attacks using a type of malicious software that encrypts the victim’s information and withholds it unless a ransom is paid, have increased significantly, with organizations willing to pay this ransom for criminals to provide the key to retrieve their encrypted information.
Martínez warned that botnet statistics in the LACNIC region are also quite striking. A botnet is a network of Internet-connected devices, each autonomously and automatically running one or more bots, through which attackers control the infected computers and servers. “These botnets are exploiting obsolete operating systems or systems that have not been updated in five or ten years. This should lead us to reflect on the situation. Why haven’t we updated or protected these systems for so long?” added Martínez.
In turn, Darío Gómez, security analyst at LACNIC WARP, reported on specific attacks that are growing daily in Latin America and the Caribbean.
He first mentioned BGP hijacking, a form of illegally taking over IP addresses by corrupting Internet routing tables. Attackers take advantage of the fact that BGP route announcements are trusted. One way of securing BGP routing is through LACNIC’s RPKI (Resource Public Key Infrastructure) system, which allows validating IP addresses and resources.
According to Gómez, open resolvers are another major problem detected in the LACNIC region. These are DNS resolvers that are publicly accessible and willing to resolve recursive queries for anyone on the Internet and are therefore vulnerable to cyberattacks. Open resolvers can be used for DNS amplification attacks, allow faking IP addresses, and are vulnerable to cache poisoning attacks. In this regard, the expert commented that, since last December, LACNIC WARP has been working on a project to identify open resolvers on IPv6 in the region in order to alert their operators and recommend possible corrections to the configuration of this service.
Early Intelligence
Gómez reported that LACNIC is working on a regional honeynet, a tool designed to be attacked and to collect information about potential attacks. “We are creating intelligence about how attackers try to breach our servers and services,” said Gómez. Since becoming operational, this regional honeynet has received 332 thousand attacks, mainly from Mexico, Brazil and the Dominican Republic.
During the webinar, the two LACNIC experts encouraged participants to report any computer security incident to their CERTs, CSIRTs and LACNIC WARP.
In closing, Martínez offered recommendations and proposed topics on which Internet users and organizations can work to improve cybersecurity and keep attackers from being successful.
To watch a recording of the webinar, click here (in Spanish).
A mailing list has been created to discuss security-related issues. This list can be used to share information and request collaboration. Click here to subscribe.
CSIRTs or CERTs already operating in the region can request their inclusion on the email@example.com list. To do so, they must be presented by an existing member.