Financial Attacks Grow in Latin America and Piracy Concerns Increase

Kaspersky’s Threat Landscape (which analyzed data from January to August 2021 and the same period in 2022) revealed that, in 2022, 2,366 malware attacks and 110 fraudulent (phishing) messages were blocked per minute in Latin America. The results also show that the region has become a major hub for global financial threats and that the use of piracy has once again become one of the main vectors of infection.

According to the study, cyberattacks in the region have varied significantly during the pandemic. Between January 2020 and September 2020, there was a 64% increase in blocking malware attacks. It was followed by a 39% decline between September 2020 and January 2022, when malicious activity returned to pre-pandemic levels. However, between January and May of this year, there was a 30% increase. Considering the first eight months of 2022, we recorded a total of 817 million attempted attacks in Latin America, representing 2,366 blocks per minute.

Looking at the data per country, Brazil stands out as the market with the most malware attacks, with 1,554 attempts per minute or 65% of all blockages in the region. It is followed by Mexico with 298 attempts per minute, Peru with 123 blocked attacks per minute, Colombia and Ecuador with 84, respectively, Argentina with 30 and Chile with 28 attempts/minute. When analyzing the top 20 threats affecting Latin American Internet users, piracy appears as one of the main concerns, taking up seven positions on the list. It is followed by adware (which displays spam) in the top three places.

“Unfortunately, we have found that the use of piracy continues to be one of the main vectors of infection. That is, a ‘cracked’ system opens the doors of the infected computer to other criminals. Although this trend may be a reflection of the economic crisis affecting individuals and companies, especially smaller ones, we must warn that saving money with software licenses does not justify the risk of falling victim to other scams, such as ransomware or financial data theft,” warns Fabio Assolini, director of Kaspersky’s Research and Analysis Team for Latin America.

Another finding of the study points to the importance that Latin America has gained in the global scenario of financial scams (banking Trojans). “While the global trend is that these attacks have decreased, in the region they have increased if we compare the 127,000 blockages recorded in January 2021 versus 174,000 in August 2022. On average, we block 5,216 banking Trojan infection attempts per day,” the director detailed.

Among the 12 most common families of financial scams, seven of Brazilian origin stand out: BestaFera, ChePro, Banbra, Ponteiro, Passteal, Javali, Casbaneiro and Vadokrist. “Today, any Brazilian group that carries out a banking fraud is already born with an international operation. The most recent example is Ponteiro, of which we have detected new malicious files this year and which has added 30 new names to the group’s initial list of 70 targeted banks. Its operations are concentrated in Brazil, Mexico and Peru, and the Trojan carries out the fraud by creating fake pages that it places on top of the real bank pages for the victim to enter their password and verification code, while the malware carries out the fraud on the real site,” explains Assolini.

The director of the Research and Analysis Team also highlights another important finding of the study: Latin American online threats are targeting mobile devices more than computers. In the last 12 months, 6,394 attack attempts per day were registered against Android devices in Latin America, which already represents more than the number of banking Trojan blocks in the region. Among the top nine threats, six are programs that display spam. This is followed by programs that register the victim for paid services by sending an SMS.

Phishing: Latin America’s greatest villain!

Despite the popularity of malware in the cybersecurity industry, the biggest threat in Latin America is phishing, i.e. fraudulent messages sent by email, SMS and, above all, through social networks and messaging apps such as WhatsApp.

Kaspersky’s Threat Landscape shows that in the first eight months of 2022 the company’s technologies blocked 38 million accesses to fraudulent links, a figure that represents 75% of the phishing attempts in 2021, when a total of 52 million were recorded. On average, Kaspersky prevents 110 fraudulent website visits per minute in the region.

Once again, Brazil is the most targeted country in Latin America, followed by Ecuador: both are on the global list of the top 10 phishing attacks and rank 6th and 8th, respectively. They are followed by Peru (33rd), Colombia (37th), Chile (48th), Panama (51st), Guatemala (61st), Paraguay (65th) and Mexico (71st).

“If we look at the data for the first eight months of 2022 versus the first eight months of 2021, we see that there has been an explosion of phishing attacks across the region. Guatemala is one of the countries with the highest growth in this threat (188%) and is followed by Peru (157%), Dominican Republic (129%) and Colombia (127%). Although Brazil is in the last position with an increase of 12%, it is where there are more attacks of this type”, said the executive. Other countries affected are Argentina 63%, Chile 62%, Costa Rica 60%, Mexico 49% and Panama 28%.

Finally, the study reveals the main interests of these fraudulent messages: 27% seek to steal Internet/mobile banking credentials, 22% aim to steal social network credentials, 18% steal credentials for online services (online stores, streaming, etc.), 9% use financial services topics to steal passwords and 7% want payment data (credit card).