Internet criminals have opened a new front in Latin America and the Caribbean and seem to have founded booming businesses thanks to low levels of cybercrime protection and awareness, a rare but timely analysis of the region by Trend Micro has found.
After gathering data from 20 out of 32 Organization of American States (OAS) and its own honeypots, Trend concludes that cybercrime is on the rise, not a surprise perhaps given that this is a global phenomenon, but worth paying attention to for any firm doing business in these countries.
Overall, incidents increased in OAS countries by between eight and forty percent in every category of threat in 2011-2012, with hacktivism, attacks on online banks, and infrastructure probes particular standouts.
More interesting than the percentages alone, however, were the inferences Trend was able to make about underlying cybersecurity based on the types of attack that were reported.
Conventional file infector malware was a major issue in the region, which Trend takes to suggest that patching is poor, operating systems run in insecure states and indicative of a general complacency among consumers about the risks of poor software behaviour.
Native organised crime (as opposed to Eastern European gangs) also seem to booting up quite successfully, tailoring attack methods to the particular weaknesses found in different countries. This includes gangs that develop their own crimeware kits, with 2012's ‘PiceBot’ a good example of banking malware that heralds a new level of sophistication for homegrown malware.
Protection for Industrial Control Systems (ICS) is also a worry with many Internet-facing systems open to attack; Trend itself recorded 39 attacks on infrastructure systems in the geography in a single month during 2012, 12 of which it classified as automated, repeated and targeted.
Perhaps the biggest weakness of all is simply the desperately uneven response of governments in the region. Money, expertise, and a lack of cyber-awareness remains an issue although Trend did find that many countries were now being positively galvanised by the emerging global culture in government cyber-defence.
“On the whole, political leaders are aware of the dangers of cybercrime and hacking but efforts are often restricted by the lack of resources dedicated to building cybersecurity capacity and shortage of specialized knowledge and expertise to implement technical policies,” said Trend’s researchers.
As might be expected, the report uncovered widespread differences in the way incidents are recorded, categorised and a lack of any agreed framework for understand their severity. These same issues affect cyber-crime analysis the world over. Under-reporting is as big an issue as it is everywhere else.