Monday, August 31, 2020

Information Security situation In Latin America

 One of Europe's biggest banks has just revealed what appears to be a huge data leak from one of its servers. Russian-speaking hackers stole up to $10 million from U.S. and Russian banks, according to a Moscow-based cybersecurity firm headed by the former head of Russia's domestic intelligence agency, the FSB, and a former senior executive of a major bank.

Cybercriminals have teamed up with drug cartels in Latin America to attack financial institutions and governments, using a variety of scams and malicious programs to make millions, according to a new report. The Russian cybercrime group, the Russian domestic intelligence service FSB, has targeted organizations in Latin America.

In total, banks in Latin America spent about $809 million on digital security incidents, response and recovery in 2017, according to the OAS. In 2012, the US Federal Reserve Bank of New York and the Federal Deposit Insurance Corporation (FDIC) fell victim to cybersecurity. The same methods have been used by drug cartels in Mexico, Brazil, Colombia, Argentina, Chile, Peru and Uruguay.

In Chile, Banco Chile was also the victim of a cyber attack in which hackers stole more than 10 million US dollars. In March 2016, hackers stole $5 million from the bank's computer system in Chile, according to the OAS, before launching a malware attack that crippled much of its network.

As IT teams tried to stop the virus from spreading, cyber attackers broke into the bank's computer system and siphoned off $10 million in assets from Banco Chile. The hackers also said that the Cayman Bank and Trust Company contacted them using the same exploit against the hacking team that was intended for a cyber attack on the US Federal Reserve Bank of New York. According to OAS, the attackers used malware to hack into the software, allowing them to transfer money and clean up after themselves.

The hackers gained access to the network and infiltrated the bank's IT system with highly contagious malicious software, which wiped out hard drives and brought down branches, phones and banking systems across the country.

Banxico quickly established a cyber security unit that drafts and issues information security guidelines for the country's banks. Mandiant Security Consulting Services, which provides disruption response and general advice in cybersecurity, said that for most actors the sharing of information about cybercrime remains unthinkable. Simply put, companies cannot rely on government guidance on cyber-security risks, because many governments do not yet share information-security laws related to cyber data. "This is clearly possible, but sharing information about cybercrime remains 'unthinkable' for most of these actors," said Michael D'Agostino, senior vice president and chief technology officer at Mandiant Security Consulting.

In this regard, alongside their references, banks in Latin America have developed protection systems that focus on devices and identity verification systems that allow customers to log on to their online banking websites. Most security software companies do not consider Latin America a critical market, and therefore there are few cybersecurity services. There are no national cybersecurity rules for the region's banks, and there is a lack of awareness of the importance of information security in the banking sector. The financial sector in South America does not invest in cutting-edge technologies to detect and prevent cyber attacks, and spends most of its digital security budgets on more basic firewall protection.

Phishing attacks are extremely popular among hackers targeting major banks in Latin America. An attacker uses fake Google and Bing adwords to direct customers to pages made to look like an official bank website. Information security specialists also know the lurking trojan, which has been used for several years to attack remote banking systems. Indeed, last year, the security firm Group IB found that cyber criminals, including Russia's MoneyTaker Group, collect information about services that use SMS as an authentication tool to launch attacks on cross-border payment systems such as PayPal and MasterCard. "A hacker who has received enough personal information about the target can pass a mandatory telecommunications test and access banking services via a cross-border payment system," says Carsten Schulz, head of security research at Group IB.

Experts point out that Latin America is fertile ground for attacks, because coordinating illegal cyber-fraud is much easier than in Europe or the United States. Hackers with ties to North Korea appear to be focused on the U.S., South America and the Middle East, as well as China and South Africa. "Brazil, Argentina, Colombia, Chile, Ecuador, Mexico, Peru, Uruguay and Venezuela are among the countries most likely to be targeted by hackers," says David Wright, head of security research at Group IB. Latin America enjoys low-cost cyber insurance options, such as the Latin American Cyber Insurance Program (LACIP).

Internet access has spread to developing countries, including Latin America and the Caribbean, and the problem of hacking is expected to increase. The report also highlights some of the most popular malware threats that afflict Latin America. There is a strong correlation between the number of malware attacks in the US and Latin American and Caribbean countries.


Tuesday, August 25, 2020

Security Automation

 


Fear: one of the most powerful drivers of all time, in movies, novels and companies. I even had the unfortunate chance to hear the following phrase directed at a coworker: "I can replace you with a script and I will save money."

Automation is the new catchword in industry, and we see it everywhere: in car factories, coal mines, banks, even in airports, where security-related tasks are being transferred to automatic tellers. But is this suitable for all commercial environments? The answer is: partially.

Humans are valuable (not costly, as some executives like to view them) for their decision-making capabilities, and a new evolutionary process has been taking place all over the world: thinking people are getting hired, and mechanical people are getting displaced. It is not a matter of justice or survival; it is a matter of cost vs. profit.


Is automation in security viable?

Yes, it is, but only partially. Every day, hackers all over the world bypass security controls designed and maintained by fellow humans. Automated systems are predictable (which is a terrible word in this business). We can automate tools and monitors, but security intelligence? That's not automatable.

No matter how complex the algorithm (computer process) is, the fact that all possible routes are programmed means there will be a thousand ways to bypass it. Human ingenuity and logic are paramount to stopping cyber-criminals.

Don't get me wrong: every company should invest in security means and tools to aid the process, and some automation is necessary to analyze the tens of thousands of transactions the average enterprise performs daily. But every machine, every analyzer on the market depends on search patterns, and every search pattern will cause a situation known to security professionals: false positives and false negatives.

A false positive is an event that triggers an alarm but is not worth investigating, like an ordinary employee clicking on a file he is not authorized to open and not getting access.

A false negative is a situation where the alarm should be triggered but is not, like the employee in question getting access to a file he has not been authorized to read, change or delete.

These factors are part of the everyday work of a cybersec engineer and a great deal of our training; human instinct becomes the differentiator in detecting anomalous behavior.
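The two terms can be made concrete by scoring search-pattern rules against reviewed events. This is an added example, not part of the original post: the events, user names, the `incident` field (standing in for an analyst's verdict) and the threshold of 3 are all constructed assumptions.

```python
from collections import Counter

# Constructed file-access events; "incident" is the analyst's verdict after review.
EVENTS = [
    {"user": "alice", "file": "payroll.xlsx",   "outcome": "GRANTED", "incident": False},
    {"user": "bob",   "file": "payroll.xlsx",   "outcome": "DENIED",  "incident": False},  # stray click
    {"user": "carol", "file": "handbook.pdf",   "outcome": "GRANTED", "incident": False},
    {"user": "dave",  "file": "payroll.xlsx",   "outcome": "DENIED",  "incident": True},   # probing
    {"user": "dave",  "file": "contracts.docx", "outcome": "DENIED",  "incident": True},
    {"user": "dave",  "file": "board.pptx",     "outcome": "DENIED",  "incident": True},
    {"user": "bob",   "file": "payroll.xlsx",   "outcome": "GRANTED", "incident": True},   # access without authorization
    {"user": "carol", "file": "payroll.xlsx",   "outcome": "DENIED",  "incident": False},  # stray click
]

def rule_any_denied(event, events):
    """Pattern 1: alarm on every denied access."""
    return event["outcome"] == "DENIED"

def rule_repeated_denied(event, events, threshold=3):
    """Pattern 2: alarm on a denial only if that user has >= threshold denials in the batch."""
    denials = Counter(e["user"] for e in events if e["outcome"] == "DENIED")
    return event["outcome"] == "DENIED" and denials[event["user"]] >= threshold

def score(rule, events=EVENTS):
    """Compare a rule's alarms with the analyst verdicts."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for event in events:
        alarm, real = rule(event, events), event["incident"]
        key = ("TP" if real else "FP") if alarm else ("FN" if real else "TN")
        counts[key] += 1
    return counts

def missed(rule, events=EVENTS):
    """False negatives: real incidents the rule never alarmed on."""
    return [e for e in events if e["incident"] and not rule(e, events)]

if __name__ == "__main__":
    for rule in (rule_any_denied, rule_repeated_denied):
        gaps = [(e["user"], e["file"]) for e in missed(rule)]
        print(rule.__name__, score(rule), "missed:", gaps)
```

Tightening the pattern removes the two stray-click false positives, but both rules stay silent on the granted access to `payroll.xlsx`, which is the false negative a person still has to find.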

Then what can automation do?

To detect the factors that let us identify possible intrusions, we would have to manually check every server under our watch, which would severely raise the number of people involved. Instead, security orchestration tools let us see activity on various fronts, even graphically, giving us much greater coverage of our duties.

In the words of Eran Barak, CEO and Co-Founder, Hexadite: "All of these security automation technologies free up overtaxed security resources, allowing security teams to be less focused on mundane – but essential – tasks, and more focused on strategic initiatives that will make their organization more secure."

Automation needs to be seen as a tool, and like any tool it is only as good as the person trained to use it. We cannot expect to take someone trained as a network technician and have them take over cybersec with nothing more than a manual.


Resources

https://www.securityweek.com/five-steps-security-automation

https://www.dflabs.com/blog/security-automation-vs-security-orchestration-whats-the-difference/

https://www.darkreading.com/operations/the-best-and-worst-tasks-for-security-automation/d/d-id/1332074

https://www.helpnetsecurity.com/2019/04/16/it-security-automation-skills/

https://www.information-age.com/staff-skill-shortages-security-study-123473231/
