latin american and caribbean cybersecurity trends and ... · pdf filestate of internet use ......

of 30 /30
Latin American and Caribbean Cybersecurity Trends and Government Responses

Author: lequynh

Post on 25-Feb-2018

225 views

Category:

Documents


4 download

Embed Size (px)

TRANSCRIPT

  • Latin American and Caribbean Cybersecurity Trends and Government Responses

  • ORGANIZATION OF AMERICAN STATES LEGAL DISCLAIMER

    The information and arguments expressed in this report do not necessarily reflect the official views of the Organization of American States or the governments of its Member States.

    TREND MICRO LEGAL DISCLAIMER

    The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice.

    Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.

    Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an as is condition.

    Contents

    Introduction ..........................................................................................................1OAS Country Survey Results ..............................................................................2

    Trends Seen ..................................................................................................3General Trends .......................................................................................3ICS Concerns .........................................................................................4

    Country Reports on Cybercrime ...................................................................6Cybercrime Trends in Chile ....................................................................6Cybercrime Trends in Colombia .............................................................6Cybercrime Trends in Jamaica ...............................................................7Cybercrime Trends in Mexico .................................................................7Cybercrime Trends in Panama ...............................................................7

    Trend Micro Global Threat Intelligence Analysis .................................................9Malware ........................................................................................................9Spam ........................................................................................................... 11Malicious URLs ...........................................................................................12

    Underground Activity .........................................................................................12Online Banking Theft and Crimeware Use ..................................................12Cybercriminal Underground ........................................................................14PiceBOT ......................................................................................................16

    State of Cybersecurity in the Americas..............................................................18Government Cybersecurity Policies ............................................................19Inter-American Cybersecurity Efforts ..........................................................20Case Studies ...............................................................................................20

    Argentina ..............................................................................................20Colombia ..............................................................................................20Jamaica ................................................................................................21Mexico ..................................................................................................21Panama ................................................................................................22

    Conclusion .........................................................................................................22State of Government Response to Cybercrime ..........................................23State of Internet Use ...................................................................................24State of the Threat Landscape ....................................................................24State of the Attack Landscape ....................................................................25State of the Cybercriminal Underground .....................................................25Recommendations ......................................................................................25

    References ........................................................................................................26

  • PAGE 1 | Latin American and Caribbean Cybersecurity Trends and Government Responses

    Introduction

    In a connected world, a trade-off exists between enjoying the convenience that information technology (IT) offers and minimizing the opportunities its use presents to cybercriminals. Cybercriminals can, for instance, spread sophisticated threats by exploiting popular mobile devices and cloud applications to infiltrate high-value targets. They have made cyberspace a means to victimize the public.

    Throughout 2012, global trends in illicit cyber activity showed how previously unknown threats evolved to become mainstream and a danger to all types of Internet users. Tools like the Blackhole Exploit Kit, automatic transfer systems (ATSs), and ransomware surged in use, employing better social engineering strategies, evasion techniques, and scare tactics.1 The all-too-familiar story of new technology hijacked for nefarious aims reemerged in 2012, as the growth of mobile threats ballooned at a much faster pace than those affecting normal computers.2 Pieces of Android malware rose from a thousand to more than 350,000 in the span of just one year.

    Cyber incidents demonstrated the importance of staying up-to-date on global cybercrime trends, especially concerning the use of mobile and personal computing devices. Consequently, IT security specialists and cyberthreat analysts must render global averages into organization-, industry-, or region-specific statistics to determine how best to protect the sensitive information they keep. Failure to produce tailored threat analyses will skew critical data, keeping countries and businesses from designing and implementing effective cybersecurity policies and technical capabilities, thereby keeping citizens vulnerable.

    Knowledge of the cyberthreat landscape and government responses in Latin America and the Caribbean is incomplete. Much of what is known about the regions cyberthreat landscape is based on uninformed news reports and innuendo. Some sources show that banking malware was the regions top cybercrime problem in 2011 while others judge that the biggest issue was multipurpose malware that compromised routers on a scale larger in Latin America than in any other part of the world.3 These divergent views show that more specific data is needed to accurately diagnose the threat to our citizens.

    1 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf; http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_automating_online_banking_fraud.pdf; http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_police_trojan.pdf; http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-police-ransomware-update.pdf

    2 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-evolved-threats-in-a-post-pc-world.pdf

    3 http://blog.trendmicro.com/trendlabs-security-intelligence/latin-america-router-compromising-malware-found/

    http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdfhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdfhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_automating_online_banking_fraud.pdf%0Dhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_automating_online_banking_fraud.pdf%0Dhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_police_trojan.pdfhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_police_trojan.pdfhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-police-ransomware-update.pdfhttp://