More than 152 million attempted cyberattacks were registered in Puerto Rico during 2020, out of a total of 41,000 million reported in Latin America and the Caribbean, according to Fortinet, a global leader in comprehensive, integrated and automated cybersecurity solutions.
From October to December alone, there were 61.5 million attempted attacks in the country. During this period, “phishing” emails spread throughout Latin America with attached HTML files that attempt to redirect the browser to malicious websites. “Malware” on the web has become the most common vehicle for distributing infected files, often being the gateway for data theft or data hijacking, known as “ransomware.”
This data is part of Fortinet’s report for the fourth quarter of 2020 and its annual summary on cyberattack attempts, prepared by its threat intelligence laboratory, FortiGuard Labs, which collects and analyzes cybersecurity incidents around the world on a daily basis.
Although the volume of cyberattack attempts remains extremely high, what is most alarming is the degree of sophistication and efficiency that cybercriminals have achieved thanks to advanced technologies and artificial intelligence (AI), which allow them to develop targeted attacks with greater chances of success. This means that in fewer attempts, cybercriminals can do more damage.
“2020 demonstrated the ability of criminals to invest time and resources in more lucrative attacks, such as ‘ransomware.’ In addition, they are adapting to the new era of remote work with more sophisticated actions to deceive victims and access corporate networks,” explained Daniel Vega, Country Manager for Fortinet Puerto Rico and the US Virgin Islands.
“We see a trend towards peripheral attacks, and not just the core network. The use of IoT devices and mission-critical industrial environments are some examples of access points for criminals,” he noted.
He also warned that in 2021 we must be attentive to the emergence of new smart edges; that is, networks that adapt and expand according to the needs of the user. These not only create different attack vectors, but allow groups of compromised devices to work together to reach victims at 5G speeds.
“We must be alert to any suspicious mail or activity, and implement and follow all the necessary controls on personal devices to mitigate the risk of intrusion or violation of the security policies of our companies, including the periodic installation of available updates from manufacturers,” Vega recommended.
“From a business point of view, it is necessary to add the power of artificial intelligence (AI) and machine learning (ML) to security platforms that operate in an integrated and automated way on the main network, in multi-cloud environments, in branches and remote workers’ homes,” he added.
Other findings from the 2020 Q4 report:
● Phishing campaigns remain the main attack vector. Numerous campaigns with Trojans were detected during this period. These Trojans carry out activities without the user’s knowledge, generally including establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files and placing other “malware” on the system. Infected assets can perform denial of service (DoS) attacks and run or stop processes. JS/ScrInject.B! was the most active in the region in that period.
● Remote work is a gateway to corporate networks. A large number of malicious HTTP requests attempting to exploit vulnerabilities in various home router products were logged; these vulnerabilities could allow attackers to execute arbitrary commands. This may be a trend, as more people work from home, with less protection and more access to corporate data.
● Attempts to exploit vulnerabilities increase significantly. Numerous remote code execution attempts were detected against ThinkPHP and PHPUnit, a web framework used by a large number of web developers. The ThinkPHP vulnerability was revealed in 2018. It allows attackers to gain access to the server and install malicious software. Keeping servers up-to-date helps reduce the risk of “exploits.” Therefore, if you are using ThinkPHP version 5 or earlier, you must apply the latest update or the vendor’s patch.
● Botnets target IoT devices. The Mirai botnet, targeting IoT devices, has become very robust and widely used over the years, gaining increasing interest from attackers targeting older vulnerabilities in IoT products for the consumer market. In recent months, Mirai has become stronger, faster, more resilient, and more evasive, adding other cyber weapons to its arsenal, such as exploiting vulnerabilities found in web servers. Cybercriminals are aware that IoT devices are less protected and take advantage of it.
● Older botnets are still active in Latin America. The Gh0st and Andromeda botnets, also known as Gamarue and Wauchos, appear as the most detected in Latin America, despite the fact that cybersecurity forces carried out a major elimination operation against the latter in December 2017. Again, applying manufacturers’ patches and performing regular updates is essential in terms of security.
Fortinet secures the largest companies, service providers, and government organizations around the world. It offers its customers intelligent, uninterrupted protection across the expanding attack surface and the ability to take on ever-increasing performance requirements in today’s and tomorrow’s networks. Only the Fortinet Security Fabric architecture can deliver more critical security functions, whether on the network, in applications, in the cloud, or in mobile environments. It ranks first with the largest number of security devices shipped worldwide; more than 480,000 customers trust Fortinet to protect their businesses. Both a technology company and a learning organization, the Fortinet Network Security Expert (NSE) has one of the largest and most comprehensive cybersecurity training programs in the industry. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
About FortiGuard Labs
FortiGuard Labs is Fortinet’s threat intelligence and research organization. Its mission is to provide Fortinet customers with the best threat intelligence in the industry, designed to protect them from malicious activity and sophisticated cyberattacks. It is comprised of some of the industry’s most knowledgeable threat hunters, researchers, analysts, engineers and data scientists, working in dedicated threat research labs around the world. FortiGuard Labs continuously monitors the global attack surface using millions of network sensors and hundreds of intelligence sharing partners. It analyzes and processes this information using artificial intelligence (AI) and other innovative technology to mine that data in search of new threats. These efforts result in timely and actionable threat intelligence in the form of Fortinet security product updates, proactive threat research to help our clients better understand threats and the threat actors they face, and specialized consulting services to help our clients identify and strengthen their security. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.