Puerto Rico hit with 737M cyberattacks so far in ’22, Fortinet says

Puerto Rico was the target of 737 million attempted cyberattacks in the first half of the year, an increase of 294% compared to the same period in 2021, according to a study by Fortinet, a global provider of comprehensive, integrated, and automated cybersecurity solutions.

Fortinet disclosed data collected in the first half of 2022 by its threat intelligence lab, FortiGuard Labs.

The Latin American and Caribbean regions suffered 137 billion cyberattack attempts from January to June this year, a 50% increase compared to the same period last year (with 91 billion). Mexico was the most attacked country in the region (with 85 billion), followed by Brazil (with 31.5 billion) and Colombia (with 6.3 billion).

In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies, such as ransomware. During the first six months of 2022, approximately 384,000 ransomware distribution attempts were detected worldwide. Of these, 52,000 were targeted at Latin America and the Caribbean.

Mexico had the highest ransomware distribution activity in the period, with more than 18,000 detections, followed by Colombia (17,000) and Costa Rica (14,000).

FortiGuard Labs also confirmed that the number of ransomware signatures has almost doubled in six months. In the first half of 2022, 10,666 ransomware signatures were found in Latin America, while only 5,400 were detected in the last half of 2021.

“We are experiencing a growth in ransomware variants, with different malicious actors and international cybercriminal groups affecting companies across industries, governments, and even entire economies,” said Arturo Torres, cybersecurity strategist at FortiGuard Labs for Latin America and the Caribbean.

“In addition to the increased use of Ransomware-as-a-Service (RaaS) — where ransomware creators deliver ransomware to third parties in exchange for a monthly payment or a portion of the profits made — we have seen some ransomware actors offer their victims 24/7 technical support services to speed up the payment of the ransom and the restoration of encrypted systems or data,” he said.

The most active ransomware campaigns in the region during the first half of 2022 were REvil, detected mainly in Mexico, followed by LockBit and Hive. The Conti ransomware has been one of the most popular in the media due to its recent high impact in Costa Rica, the firm stated.

“In short, we are seeing a remarkable increase in cyber threats’ dangerousness, sophistication, and success rate. These digital risks can no longer be addressed with specific or very complex solutions; it’s necessary to have an integrated platform that’s simple and can prevent, detect and respond to threats in an increasingly automated way,” Torres said.

Other highlights of the report for the first half of 2022:

  • During this first half of the year, the most detected exploitation technique in the region was related to the vulnerability known colloquially as “Log4Shell.” This vulnerability allows complete remote code execution (RCE) on a vulnerable system.
  • Web-based malware appears to be one of the most effective ways adversaries distribute HTML- and JavaScript-based malware, using millions of malicious URLs as delivery channels to spread malware across the web. Once infected, victim devices can be taken over by adversaries, who can use them to commit cybercrimes such as credential theft, spam, and distributed denial-of-service attacks.
  • On the other hand, we observed a strong distribution of malware in the region through Office documents, primarily Excel, which allows the attacker to take advantage of the application’s vulnerability to execute instructions or gain access to the system.
  • Mirai is IoT malware that causes infected devices to join a botnet used for distributed denial-of-service (DDoS) attacks. As seen throughout 2021, Mirai is still the botnet campaign with the most activity in all Latin American countries. This botnet campaign has been adapted to spread using recent vulnerabilities such as Log4Shell.
  • Finally, it is worth mentioning that botnet campaigns such as Bladabindi and Gh0st are still very active in Latin American countries, allowing attackers to take full control of an infected system, record keystrokes, access the webcam and the microphone live, download and upload files, and carry out other nefarious activities.

Author Details
This story was written by our staff based on a press release.
