Latin America governments prime ransomware targets, analysis finds

An analysis from the Inskit Group has found that some Latin American governments may be ‘easy targets’ for ransomware due to a lack of cyber resources.

According to Cyberscoop, the general deficit of cyber resources – specifically education, hygiene and overall infrastructure – are the key deficiencies that make these governments more vulnerable.

Inskit claimed that ransomware attacks on these governments ‘could constitute a credible national and geopolitical security risk’.

While a definitive attack vector could not be assessed, the most likely avenue in many cases was the combination of compromised valid credential pairs and session cookies, which are harvested from a successful info stealer infection and sold by initial access brokers on dark web forums.

Recorded Future – the parent firm of Inskit – said anecdotal observations reflect a ‘minor but sustained increase’ in references to initial access sales and database leaks related to Latin American governments starting in around March this year.

The analysis stated, “We have also identified a significant increase in Q1 2022, beginning in February 2022, of references to domains owned by government entities in [Latin America] on dark web shops and marketplaces such as Russian Market, Genesis Store, and 2easy Shop, relative to the same time period in 2021.

“Ransomware will likely continue to be incorporated into the attack methods of threat actors targeting public and private entities in [Latin America] due to their availability as ransomware-as-a-service (for non-technical threat actors) and highly successful infection rates.”

Researchers also detailed that Latin America is generally an ‘up and coming region whose security posture is not as sophisticated or developed as some other regions for various reasons (geopolitical circumstances and developing infrastructure, among others)’  and therefore ‘threat actors may view [Latin American] entities as easy targets for harvesting sensitive and financially lucrative accounts via infostealer infections’.

Copyright © 2022 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.