Significant Rise in Malware in the LACNIC Region
In 2017, phishing continued to be the main cyber-threat in Latin America and the Caribbean. However, according to reports received by LACNIC WARP, the center for the coordination of computer security incident response for members of the LACNIC community, during the past year there was a significant increase in malware attacks.
Headed by Graciela Martínez, LACNIC WARP is an incident warning, advice, and reporting point where community members can manage their computer security issues and access confidential information about latent threats in the region.
Statistics for 2017 show that phishing represented 52% of all incidents. This was followed by malware attacks (software designed to perform malicious actions on a system), which grew significantly and reached 21.8% of the total. Redirect incidents (an attack method used to redirect a user from one link to another) accounted for 17.6%, while pharming (vulnerability in the DNS server software) represented 4.5% of the total number of incidents and completes the list of the most common threats. (Statistics: https://goo.gl/RhXqFT )
The fact that phishing remains the main threat “means that users are still unable to recognize fraudulent websites” and that it is “an increasingly sophisticated type of attack,” warned Martínez, Head of LACNIC WARP.
The expert on security issues expressed her concern regarding the progress of malware attacks using cryptographic primitives, as these can cause greater damage than other types of attacks. Malware is malicious code usually used to steal information, destroy systems in whole or in part, or hijack information.
Criminals have leaned heavily towards malware and ransomware, as both make it easier for them to collect a ransom in bitcoins, a currency that is hard to trace by those investigating the crime.
Martínez observed that, in addition to the degree of specialization of cybercrime, one of the main obstacles that is hindering the chance to put an end to these attacks is users’ failure to update their systems. “Technology has advanced, business has moved to the web, but we have not accompanied this with policies on end-user training,” said Martinez.
The key to curbing cybercrime is training. Last year, LACNIC WARP conducted in-person training activities in Haiti, Suriname, Colombia, and Uruguay, and promoted the strengthening of incident response capabilities through the creation of new national incident management centers.
Currently, there are approximately 60 computer security incident response teams in the LACNIC region.