
Cybercriminals Capitalizing on Ineffective Law Enforcement in Latin America: Trend Micro

Cyber-criminals are increasingly setting up shop in Latin America and the Caribbean to take advantage of low security awareness among users and ineffective law enforcement, according to a recent report from Trend Micro.

Cyber-crime in Latin America and the Caribbean is on the rise, with attackers focusing on industrial control systems and home-grown crimeware kits, Trend Micro said in a new report, prepared in conjunction with the Organization of American States and released Friday. Government, financial, and energy sectors in Latin America were at high risk of being hit by sophisticated attacks, the report found.

"The number of attacks against utilities, banks, water purification plants, and other purveyors of essential services is on the rise," the report found.

Attacks on critical infrastructure, especially industrial control systems, "are particularly acute" in the region, and attackers are taking advantage of the fact that these systems are directly connected to the Internet and have vulnerabilities that have not been fixed. While Internet-connected ICS itself is "not inherently dangerous," the fact that most of them are not password protected or kept up-to-date with the latest updates "needlessly exposes them to attacks," the report found.

In 2012, 51 ICS vendors reported 171 vulnerabilities in various systems, and Trend Micro found that many of those devices were Internet-facing systems in the region. Looking at two of the most popular types of ICS used in Latin America, Trend Micro found 932 Internet-facing SCADA and VxWorks devices in Argentina, 694 in Peru, and 517 in Colombia, for example.

Trend Micro recorded 39 attacks on infrastructure systems in a single month in 2012, of which 12 were unique and 13 were repeated by the same actors over a period of several days, according to the report (PDF).

While hacktivism and politically motivated attacks were on the rise in the region, the bulk of criminal activity was financially motivated, according to the report. Criminals are also using cyber-crime for money laundering purposes outside of financial institutions, said Trend Micro. One country reported that more than 80 percent of the crimes investigated in 2012 involved some aspect of electronic crime or "illicit use of IT," the report found.

Attacks are mainly home-grown, with native organized crime taking advantage of cyber-space. Local gangs are developing their own crimeware kits, such as PiceBot, a type of banking malware, instead of relying on Eastern European developed tools, Trend Micro said. They use social media such as Orkut and IRC channels to advertise their wares and stolen data.

The criminal underground in Latin America "heavily relies on banking Trojans" compared with other regions which use ransomware and ATS, the report found.

Instead of hijacking servers, which law enforcement can trace and suspend, cyber-criminals are signing up for free trial periods at hosting services to launch their attacks, the report found. The campaigns themselves are short-lived because of the free trial, but are hard to trace, Trend Micro said.

"Law enforcement agencies need to take note of this region-specific tactic and adjust their policing and investigation tactics accordingly," the report found.

Conventional file infectors were the most prevalent in Latin America and the Caribbean, suggesting that users were not patching their software and operating systems regularly. There is a general complacency among users about the risks of running vulnerable software and insecure removable media, according to the report.

Trend Micro based its analysis on data voluntarily provided by 20 out of 32 Organization of American States members and on its own honeypots. The report contains data from various institutions, such as computer security incident response teams and police cybercrime units in 13 Latin American countries and seven Caribbean states.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.