MEXICO CITY – Latin America’s economic growth, access to technology and greater exposure to the Internet has come with a consequence: The region has become a bigger target for hackers.
“People’s knowledge and use of these tools, along with their trust when it comes to doing business online, have fueled the ever-expanding presence of cybercrime in Latin America,” said Isabel Dávara, an attorney and cybercrime specialist at the Dávara law offices in Mexico City.
Roberto Martínez, an analyst with the computer security company Kaspersky Lab Latin America in Mexico City, said the region’s increasing use of cellphones and computers have made malware, corporate cyber espionage and hacktivism increasing security threats.
Malware is software used by hackers to disrupt computer operation, obtain information and access private computer systems. Hacktivism occurs when a person or group of people overtake a computer network to protest or promote a political agenda.
“We’re living in an age where information can be commercialized,” Martínez said. “Regardless of its target, cybercrime is ultimately about gathering information for financial gain.”
Martínez predicts an increase in fraud committed by hackers accessing information through cellphones.
“Nowadays, many people have mobile devices that allow them to work or have access to information from their office, do transactions online and engage in social media,” he said. “All this information is highly prized. That’s why getting their hands on it has become a goal [for criminal organizations].”
The McAfee web security company recently issued a warning about an app that’s really malware. It impacts cellphones that use an Android operating system by tricking users to believe it’s improving their security for financial transactions when it’s really routing a user’s account numbers and passwords to cybercriminals.
Internet fraud represents losses of US$93 billion a year and affects 2,500 banks across the region, according to a report by the Latin America and Caribbean Internet Addresses Registry.
About 34 million Smartphones were sold in Latin America in 2012, with the number expected to reach 147 million in 2013, according to Qualcomm, a consulting firm that monitors mobile communications worldwide.
Groups such as Anonymous, whose specialty is staging protests through the web, will continue its cyberattacks against official organizations, encouraged by the media coverage they generate, Martínez said.
That’s what happened on Jan. 16 to Mexico’s National Defense Secretariat, as hackers unleashed a cyber attack on it its website, posting a manifesto from the Zapatista rebel group for two hours. The name of the group “Anonymous Mexico” was visible on the website in front of a black background.
Two days later, the Argentine National Institute of Statistics and the Census’ (INDEC) website was hacked by Anonymous Argentina to protest the government’s report that established inflation for 2012 at 10.8%, a claim the group disputes.
“We’ve had control of INDEC for 3 [hours]. We’ll give [it] back as soon as they see that it’s time to stop the lies,” Anonymous tweeted.
To prevent cyber espionage, companies need to update their security systems constantly, Martínez said.
“To introduce a malicious code into a company to steal their projects and sell them elsewhere is as simple as sending an e-mail with an attachment and having an employee open it,” he added. “Through these means the group seeking information gains access to the company’s network. From there, they start linking with other devices and they mine data.”
Corporate cyber-espionage is designed to be undetectable, which means by the time a company realizes its security has been breached, cyber criminals already have gathered all the information they coveted.
In 2011, computer security company Eset Latin America uncovered a malware called Medre, which has been used in Peru since 2009. The software was part of an industrial espionage attack to steal designs and maps from institutions and companies based in the Andean nation.
Medre is a worm that infects current versions of the AutoCad design program. The hacker accessed 10,000 files containing plans and projects that belonged to several Peruvian companies, which were later sent to accounts registered in China.
Last year, about 750,000 Mac computers around the world were damaged by Flashback, a malware that enlists the infected computer into a botnet – a computer network that uses the infected device to launch Distributed Denial of Service (DDoS) attacks.
From the 40,000 damaged devices in Latin America by Flashback, Mexico had the most cases (45.2%), followed by Brazil (17.18%), Chile (13.36%), Colombia (6.1%), Argentina (5%), Peru (3.59%), Dominican Republic (2.95%), Venezuela (1.69%), Costa Rica (1.42%), and Guatemala (0.93%). The remaining 2.58% was spread across other countries in the region.
The biggest malware threat for Latin America in 2012 was the Trojan virus called TrojanWinLNK.Runner.bl, designed to destroy data and files and allow hackers to access files and programs remotely, according to Kaspersky Lab.
Mexico was the worst hit country in the region, with between 68,000 and 170,000 infected computers. It was followed by Brazil, with 17,000 to 38,000 and Chile and Argentina, with a combined total between 4,400 and 17,000.
Prevention continues to be the best way to protect against cybercrime.
Kaspersky Lab offers a series of security tips to avoid being the victim of cyber fraud or having devices harmed by malware:
Be very cautious about the websites visited;
Don’t accept offers for free products or services;
Avoid downloading illegal music and other software programs, which are often used to spread malware;
Do not use public computers for financial transactions;
Always use passwords that are secure and can’t be guessed easily;
Be aware any type of information is potentially attractive to a hacker;
Let company employees know that even the most expensive of computer programs can be corrupted if any one single employee should open an e-mail containing a virus that can infect the entire network;
A company should have several layers of security before its network is reached;
Constantly monitor security and refresh security plans annually.