Executive Summary

The results of Fortinet Threat Intelligence Insider Latin America for the fourth quarter of 2019 reveal a continued increase in malware, exploit and botnet activity in Latin America and the Caribbean. In the last quarter of the year, the region suffered more than 9 billion attack attempts, for a total of 85 billion in 2019.

The report also reveals the most common infections in Latin America and the Caribbean:

  • Malware infections generating unwanted ads or redirection to sites infected with malware
  • Trojans or backdoors that allow the attacker to take full control of the infected devices
  • Viruses or infections of advanced malware for the exfiltration of information such as passwords and users, among others
  • Malware for the exploitation of common vulnerabilities that allow attackers remote access to infected devices
  • Riskware: free software, or software of unrecognized origin, that offers the user features such as protection but also opens the possibility of infection

As we have seen throughout the year, DoublePulsar, the backdoor used by the WannaCry ransomware, is still a mechanism for distributing malware in the region. Because it takes advantage of vulnerabilities that have already been resolved, its continued use is evidence of the vast footprint of software without updates in Latin America, affecting companies and individuals alike. DoublePulsar is mainly targeted at banks and financial service companies.

The Emotet botnet (aimed mostly at banks) reappears prominently in FortiGuard detections for the fourth quarter, and Latin America accounts for 45% of this botnet's presence globally.

Emotet is a Trojan that targets the Windows platform. It contacts command-and-control servers via HTTP or HTTPS requests. A remote attacker can issue commands to the malware to perform different operations. Emotet can download and install additional malware such as ransomware.

FortiGuard detected relevant threats aimed at cryptocurrency in Latin America and the Caribbean in the fourth quarter of 2019. Here are some examples of this trend:

  • 77% of Riskware/CoinMiner globally was detected in LATAM (Malware)
  • 84% of W64/CoinMiner.QU!.Tr globally was detected in LATAM (Trojan)
  • 59% of JS/Coinhive.A!.Tr globally was detected in LATAM (Trojan)

Different variations of malware, trojans and exploits for ransomware are still very active in Latin America.

How to defend against such multi-pronged attacks?

  • Inventory all devices
  • Automate patching
  • Segment the network
  • Track trends using actionable threat intelligence
  • Watch for indicators of compromise
  • Harden endpoints and access points
  • Implement security controls
  • Use security automation
  • Back up critical systems
  • Create an integrated security environment