More than 2.6 Billion Attempted Cyberattacks Affected Peru in 2020

A global leader in comprehensive, integrated and automated cybersecurity solutions, announced Q4 2020 results and year-end consolidated cyberattack attempt data from its FortiGuard threat intelligence lab Labs, which collects and analyzes cybersecurity incidents around the world on a daily basis.

In Peru, more than 2.6 billion attempted cyberattacks were registered during 2020, out of a total of 41 billion in Latin America and the Caribbean.

Considering only the months of October, November and December, there were 801 million attempted attacks in the country. During this period, threats known as phishing emails spread across Latin America with attached HTML files, trying to redirect the web browser to malicious websites. Web-based malware has become the most common vehicle for distributing infected files, often becoming the gateway for ransomware.

Although the volume of cyberattack attempts remains extremely high, what is most worrisome is the degree of sophistication and efficiency that cybercriminals are achieving through the use of advanced technologies and artificial intelligence (AI) to develop targeted attacks with greater chances of success. This means that in fewer attempts, cybercriminals can do more damage.

“The year 2020 demonstrated the ability of criminals to invest time and resources in more lucrative attacks, such as ransomware. In addition, they are adapting to the new era of remote work with more sophisticated actions to deceive victims and access networks corporate “, explains Franz Erni, Country Manager of Fortinet Peru. “We also see a trend towards peripheral attacks and not just the core network. The use of IoT devices and mission-critical industrial environments are some examples of access points for criminals.”

For 2021, Fortinet identifies another significant trend with the emergence of new smart edges, that is, networks that adapt and expand according to user needs, which will not only create different attack vectors, but will allow groups of compromised devices to work. together to reach victims at 5G speeds.

“We must be alert to any suspicious mail or activity, and implement and follow all necessary controls on personal devices to mitigate the risk of intrusion or violation of our companies’ security policies, including the periodic installation of available updates from manufacturers. “recommends Erni. “From a business point of view, it is necessary to add the power of artificial intelligence (AI) and machine learning (ML) to security platforms that operate in an integrated and automated way on the main network, in multi-cloud environments, in branches and remote workers’ homes. ”

Other conclusions from the report for the fourth quarter of 2020:

? Phishing campaigns remain the main attack vector: numerous campaigns with Trojans were detected during this period, carrying out activities without the user’s knowledge and generally including establishing remote access connections, capturing keyboard input , collecting system information, downloading / uploading files and placing other malware on the system. Infected assets can perform denial of service (DoS) attacks and run or stop processes. The JS / ScrInject.B! it was the most active in the region in that period.

? Remote work as a gateway to corporate networks – A large number of malicious HTTP requests have been detected to exploit vulnerabilities in various home router products that could allow attackers to execute arbitrary commands. This may be a trend, as more people work from home, with less protection and more access to corporate data.

? Big wave of attempts to exploit vulnerabilities: Numerous remote code execution attempts were detected against ThinkPHP and PHPUnit, a web framework used by a large number of web developers. The ThinkPHP vulnerability was revealed in 2018 and allows attackers to gain access to the server and install malicious software. Keeping servers up-to-date helps reduce the risk of exploits. Therefore, if you are using ThinkPHP version 5 or earlier, you must apply the latest update or patch from the vendor.