A surge in cybercrime emanating from Latin America has analysts warning that organized crime in the region is developing an increasingly sophisticated understanding of information technology, and the ways to make money from it.
“Cybercrime in Latin America has elevated to a new level,” Dmitry Bestuzhev, who works for the Russian computer security company Kaspersky Labs, told InSight Crime.
“In the past both the knowledge and the targets of the attacks were very limited. But now criminals in Latin America are following in the footsteps of cybercriminals in Eastern Europe, including Russian-speaking countries,” added Bestuzhev, who is based in Quito, Ecuador, where he is Director of Kaspersky’s GReAT Team (Global Research and Analysis Team) in Latin America.
The epicenter of this activity appears to be Brazil. The most recent Norton Cybercrime Report and the Symantec Intelligence Report: October, 2011 have placed the country in the top spot for cybercrime in Latin America.
“If you look at the basic areas of concern, such as malicious code, spam, phishing, and then track it by country of origin, Brazil has been placing in the top five countries in the world for this kind of activity,” says Rafael Garcia, a Mexico City-based Security Expert with Symantec.
Bestuzhev says cybercriminals in Brazil are attacking the accounts of people in other Latin American countries and even in Europe -- specifically Spain and Portugal.
Last month, Bestuzhev said Brazilian hackers had put together a sophisticated, well-encrypted malware, the first time he had seen this level of cybercrime anywhere in Latin America. The code is complex enough to fool automatic malware analyzers, and can even escape the more advanced tests conducted by technology administrators. The software is embedded in image files as “block code.” When the image is opened, a Trojan is installed which can capture data from online financial transactions.
Criminals in other countries in the region are not far behind. Criminal networks in Mexico, Argentina and Peru are copying methods seen in Eastern Europe, and are able to manage large groups of infected "zombie" machines.
Zombie machines function as part of botnets -- they are personal computers that, unbeknownst to the user, have been taken over by cybercriminals, with e-mail addresses harvested to push spam further afield. Online scams include sophisticated phishing campaigns, in which trusted addresses send out messages with links to apparently legitimate sites requiring personal data.
This new level of sophistication from Latin America’s cyber criminals does not bode well for a region already overrun with criminal activity and unprepared for a fresh onslaught.
“Latin America in general continues to believe that it is not a target for cybercriminals,” Bestuzhev says. “With this way of thinking, of course, defenses are minimal.”
Yet Latin America, and Brazil in particular, is increasingly well-connected, with more financial activity going online and mobile. In fact, a just-released study by Pyramid Research estimates that 18 million people in Latin America bank via their mobile devices, with that number on course to rise to 140 million by 2015.
While these are positive steps for commerce, Garcia cautions that one of the biggest cyber-security challenges faced by the region is the expansion of broadband and mobile services into previously under-served communities, which brings a large, unsophisticated user-base online.
“We see more access to these services, but not a lot of awareness of computer literacy or the basic security steps,” says Garcia. “If you are a cartel, it gives you one more way to benefit from your malicious activity.”
Some regions and industries are more prepared than others. Bestuzhev says that the banking sector in Latin America, particularly in Brazil, has made considerable progress in security, having been forced to do so because their customers have been losing large amounts of money, though the sector is still fraught with challenges.
Unfortunately other sectors, including government, have taken minimal action to address the growing challenges posed by the conjunction of an increasing number of connection points and an untrained populace. Over time education can help ameliorate these problems, but the worry is that this could take a long while indeed.
By Tim Wilson
Tim Wilson is a Canadian journalist with a special interest in Mexico and Central America. His blog can be found at La politica es la politica.