News headlines in recent months have made it clear that ransomware is not just another urban horror story, as it has become the most frightening threat to companies in Latin America.  Kaspersky figures reveal that ransomware gangs are stalking their victims to deliver a devastating blow: between July 2022 and July 2023, the company blocked 1.15 million attempted ransomware attacks in the region, equivalent to 2 blocks per minute.

 For the most part, these types of attacks follow a fairly common methodology: an employee takes the bait of social engineering tactics and opens a malicious email attachment.  Or, attackers gain access to a company’s systems by obtaining their credentials and passwords through leaks, using brute force techniques, or purchasing this initial access data on the Dark Web.  Another attack vector that cybercriminals commonly take advantage of are vulnerabilities in programs or apps since, if they are not patched, they allow them to infiltrate a corporate network.

 Unfortunately, this nightmare materializes daily, leaving new victims in public and private institutions, regardless of their industry or size.  The attacks are increasingly terrifying because they no longer only consist of hijacking companies’ equipment and infrastructure, thus paralyzing their operations, but also of stealing customer and employee data, intellectual property, and confidential information and then extorting them for a ransom for their money. release and/or prevent its publication.

 So that companies do not fall asleep in the face of this threat, Kaspersky has compiled guides so that both SMEs and large companies can get rid of this nightmare.

Know what the possible failures are in your systems, network and structure

You can perform an internal audit or evaluate external security diagnostic services, such as phishing simulations or digital risk reports on the attack vectors associated with an organization’s entire digital footprint.

Assess your employees’ knowledge

Ensure that the security team has the information necessary to evaluate defenses against ransomware and can plan incident response actions that prevent an incident from being successful.  If you do not have specialized knowledge, there are training courses available.  Also evaluate whether employees generally have the basic knowledge to avoid becoming victims of scams.  One click can allow the criminal to access the network.  Additionally, a security training routine must be maintained for all employees, adapting modules to specific needs.

Regularly check that your defenses are working at an optimal level

Today, there are several technologies that allow you to act proactively to prevent an attack, for example:

-Threat intelligence reports with information on the discovery, modus operandi and ways to identify each new ransomware on corporate infrastructure.

-EDR technologies that offer advanced detection of malicious activities.

 -Ongoing attack discovery services, which perform an in-depth review of systems, network and equipment to assess weaknesses in corporate defense.  This diagnosis can be performed annually or whenever malicious activity is suspected.

-Analyze comparative tests or perform an internal analysis to guarantee real protection.  The AV-Test laboratory has recently published a specific report on protection against ransomware.

-Check backups regularly.  It is common for companies to generate backup copies and, at the next moment of the process, the file is intact.  Unfortunately, errors are common and a defective copy may exist.  Ensure files are OK to allow quick resumption of operations.

Here we present the most relevant trends and milestones experienced in the cybersecurity industry in Costa Rica during 2023. This year there were attacks based on the exploitation of vulnerabilities present in software products and the expression of wars between nations in cyberspace continued.

On the other hand, generative artificial intelligence (AI) showed significant progress and was used by cybercriminals to optimize their attacks. These challenges for cybersecurity have given rise to protection trends throughout the technology development cycle, which include the use of AI in its favor, and in a defensive or preventive manner, and developments in authentication mechanisms.

The following are five trends and milestones in cybersecurity this year shared by experts:

Artificial intelligence against and for cybersecurity: Criminals have taken advantage of generative AI to create more convincing fraudulent messages. But AI has also been used for positive purposes, such as analyzing immense amounts of data from Internet connections and thus more quickly detecting and analyzing cyberattacks against organizations around the world.

In terms of supporting the preventive posture, that is, cybersecurity applied to systems throughout their development cycle, AI serves to help eliminate vulnerabilities found in software, either by generating guides that developers “they can follow or present the suggested modifications to the code so that they can simply accept or reject them.

Cyberwar: The war between Israel and Hamas, like that between Russia and Ukraine, has included cyberattacks by activist hackers, some with the intention of disrupting the services of websites, mainly those of the government and the military, and others seeking to impact nations sympathetic to any of the parties in conflict. For example, an increase in cyberattacks against the US, France, India and Italy have been linked to the activities of some groups that are anti-Israel and possibly associated with Russia, Iran or other nations.

Attacks on software supply chains: Cybercriminal groups have managed to cause large losses of money and reputation to organizations by infecting third-party software products used by them in their operations or their own products. This year, a data breach due to this type of attack cost an average of $4.63 million.

The constant threat of these attacks makes it very necessary to follow the recent trend of improving the security of the software supply chain, which includes not only having an updated list of those components or products in use and their security status, but also verifying their origin and review the security policies of the suppliers and their compliance with industry regulations.

Attacks on governments and critical infrastructure: Attacks that cause high costs for governments and paralyze services for large numbers of users are trending. For example, the kidnapping of IFX Networks client data in Colombia left at least 50 pages of state institutions offline, put health care at risk of collapse and forced the suspension of judicial activities, among other consequences.

The incident, just like the waves of cyberattacks on the Costa Rican government last year, in which a criminal group stole information from state agencies, highlights the need for Latin American countries to create state entities in charge of planning the strategy of cybersecurity to prevent, contain and react effectively to cyber attacks. This is urgent because the average cost of a data breach has reached $4.45 million.

More secure alternatives to passwords: Passwords have been replaced by access keys (in English, passkeys), which are a standard that consists of a PIN, pattern or biometric factor, such as face or fingerprint, to access to accounts in various applications. This alternative allows you to authenticate in half the time it takes to do so with passwords. In addition, they are more secure, because they are not processed by servers, but are saved only on the device, and, as they are used only in authorized applications, they prevent credentials from being shared on fraudulent sites.

Following a preventive posture

The relevance of following a preventive posture in cybersecurity continues to increase in the face of the current threat landscape, in which it can be seen that many companies impacted by cyberattacks are paying higher prices than ever. This position has required the adoption of new technologies and practices, taking into account how cybercriminals constantly improve their techniques, tactics and procedures.

Artificial Intelligence (AI) is no longer a topic of the future, it is part of the daily life of all Internet users who live with it by unlocking their devices with facial recognition, using browsers and online maps, or using voice assistants and/or or chatbots. However, experts warn that the efficiency of this tool can also be transferred to activities with malicious purposes.

According to Isabel Manjarrez, Security Researcher in Kaspersky’s Global Research and Analysis Team, among the purposes related to the use of AI are the collection of personal data, including recognition data (voice, face, fingerprints), generation of malicious code, evasion of security measures or DDoS attacks, such as the one that recently occurred with ChatGPT. However, there are other risks that stand out for their accelerated growth and high success rate, due to users’ lack of knowledge and the excess of information present online.

For example, there are personalized phishing attacks, with 42.8% of fraudulent messages aimed primarily at stealing financial data, according to the Threat Panorama for Latin America. It recorded 286 million attempted phishing attacks in the last year, which represents an alarming increase of 617% globally, compared to the previous year. Although this is not a recent risk, it is striking that its increase is due, among other factors, to the emergence of tools that use Artificial Intelligence to facilitate the creation of scams in an automated manner.

Another threat that has grown alongside AI is deepfakes. Kaspersky experts have warned about these contents where images and videos are altered to show information different from the original, for example, so that one person impersonates another. Likewise, the sale of this false material on the Darknet has been made known in order to facilitate financial fraud, business scams, political blackmail, revenge, harassment and pornography.

Now, researchers have also identified deepfakes of all kinds; with modified audio or voice, and other text, created using wording similar to that of a person known to the victim. Although the spread of this threat and its consequences can affect the reputation, privacy, as well as the finances of institutions and users, company figures reveal that the majority of Latin Americans do not know what a deepfake is (70%) and nor would they know how to recognize content of this type (67%). This makes people more susceptible to frauds and scams driven by this technique.

“For the better, Artificial Intelligence has become a valuable tool that complements human functions effectively. Its application, for example, facilitates simple activities from our daily lives, such as unlocking our mobile devices, to more complex actions, such as promoting digital literacy. To the bad, it has also facilitated the expansion of new and existing cyber threats, as their use becomes more widespread and more accessible,” commented Isabel Manjarrez. “Artificial Intelligence is already here and will continue to develop. Like any other technology, it can bring great possibilities as long as we use it safely and responsibly,” he added.

To avoid falling victim to AI-generated threats, experts recommend:

Stay informed about new technologies and their risks: Know AI, how it works and keep in mind that there are already threats associated with this tool.

Always use reliable sources of information: Remember that information illiteracy continues to be a crucial factor for the proliferation of cyber threats such as phishing and deepfakes.

Have good digital habits like “trust, but verify”: Be cautious and skeptical of emails, text or voice messages, calls, videos, or other multimedia content you see or receive, especially if they communicate strange or illogical information.

Use security solutions: Although protection against cyberattacks or scams generated by AI has only just begun to emerge, there are already tools, that protect against all types of threats, known and unknown.