Online hackers are increasingly targeting Latin America, with Brazil, Argentina, and Mexico most at risk. The Cipher Brief talked with Pablo Dubois, a data center and security product manager based in Argentina, about the current cyber threat landscape.
The Cipher Brief: Your company – Level 3, a global network services provider – recently produced a threat report revealing that 12 percent of Distributed Denial of Service (DDoS) attacks target Latin America, and that number is escalating. What are DDoS attacks and what is the impact? Who do attackers target? Why is the number of attacks increasing throughout Latin America?
Pablo Dubois: A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, such as a web server, personal or work computers, mobile devices, or cable modems. The culprit for this type of attack is often botnets, a group of Internet-connected programs residing on various devices communicating together to perform tasks. Botnets are tasked with doing a variety of harmful things, including exfiltration of data, distribution of malicious software (malware), stealing of personal information, intellectual property theft and DDoS attacks.
DDoS attacks are often directed at entities that need their web servers to function, like gaming sites or retail pages. But malicious actors can program their botnets to launch a DDoS attack targeting anyone with an Internet-connected service. The only requirement is infrastructure. Bad actors need an army of botnets and the Internet-connected target to attack.
Increasing country populations and access to Internet-connected devices play a role here. More people and more devices equals more targets for malicious activity and more victims with compromised devices. In Latin America, for example, we’ve seen exponential growth in Internet-connected devices over the past few years. I read one report citing that we have at least two connected devices per person in Latin America. That provides more opportunities for hackers.
TCB: What countries in Latin America are most at risk for these kinds of attacks? Why?
PD: Our research shows, in order, Brazil, Argentina, Mexico, Venezuela, and Chile have the most victims. These five countries represent 80 percent of total C2 victims in Latin America. C2s, command-and-control servers, are the brains of the malicious operation. C2s issue instructions to infected machines, the botnets, to perform an attack.
As Latin America continues to invest in more infrastructure, bad actors have come to recognize the opportunity and are attempting to take advantage by targeting more botnets and C2s at the region. Many global, multi-national companies have operations in Latin America. If their security controls aren’t as robust or uniform as in other regions, this can be a doorway for a bad actor to access the company’s global infrastructure. Additionally, Latin America is one of the highest growth markets for online media – social, video, and streaming. There is a huge end-user base. More devices mean more opportunities for finding and exploiting vulnerabilities.
TCB: What are governments doing to deal with the growing cyber-attack landscape?
PD: Governments are taking steps to protect their infrastructure and citizens. It goes without saying, governments house sensitive and confidential information that needs to be protected. However, the issue is far broader. Each of us has a responsibility for our cybersecurity posture at work and at home. Security governance is an ongoing issue. None of us can check a box and move on. We need to be vigilant about evaluating our security risk and tolerance on a consistent basis.
Among the ways enterprises can do that is through cross-industry collaboration: sharing information about the threat itself, not the victims. In Latin America, for example, we are working with security leaders to implement a system for sharing actionable information companies can use to protect themselves. This approach, working with other internet service providers and hardware and software manufacturers to share information, helps us to get ahead of threats and work to stop bad actors before they gain traction.
TCB: You’re based in Argentina – what is the Argentinian government in particular doing to deal with the threat? Is this a model you think other Latin American countries should look to as a good example of what to do?
PD: It’s interesting. In 1994, Argentina was one of the first nations to form a national Computer Security Incident Response Team (CSIRT). We’ve built on that and, in 2011, we started operating under the National Program for Critical Information Infrastructure and Cybersecurity (ICIC). Recently the ICIC, in coordination with various agencies, academic institutions, and the private sector, developed a draft for a National Cybersecurity Strategy. It’s awaiting adoption by the governing body.
Other countries in the region, for example Brazil and Colombia, have an equivalent Cybersecurity Strategy with each employing their own country’s definitions and action boundaries for security. What does this mean for the region? I think it shows we are all committed to cybersecurity and implementing tools that will make us safer; but I also think this demonstrates a great area of opportunity for all of us to come together to create and implement a common vision for all of Latin America.
TCB: What does this mean for U.S. businesses in or looking to get into Latin America?
PD: The business climate in Latin America has never been better. Latin America offers a wealth of opportunity for U.S. businesses. If we’ve learned anything, it’s that cybercriminals and bad online actors know no boundaries. It doesn’t matter where you do business; it matters how you do business. I would advise any company, regardless of where they are looking to expand, to make sure they have a tested uniform global security posture.
Today, some organizations protect their infrastructure through a complicated patchwork of firewalls and specialized security devices, creating points of vulnerability and operational burdens that can be exacerbated by a lack of security personnel. A patchwork approach requires monitoring and maintenance of each device. That, coupled with the lack of technology integration, makes day-to-day threat management a true challenge, one that opens companies to risk.
I would encourage organizations to step back and perform a risk assessment identifying the areas posing the greatest threat. Another area of consideration is network-based security that allows for a ‘clean pipe’ and the ability to layer on other security solutions, like firewalls and data loss prevention. Finally, organizations need a view into their threat ecosystem. An understanding of the attackers and what information they are going after is helpful in preventing attacks and addressing vulnerabilities in the cybersecurity system.