A look at the current cybersecurity landscape

So far this year, cyberattacks have grown worldwide – mainly with the presence of ransomware¹, phishing, identity theft, attacks on infrastructure and cloud environments – mainly motivated by the evolution of digital transformation, the rise of teleworking and the absence of a proactive strategy in managing vulnerabilities in different entities.

Difficulties have also been identified in updating systems and solutions, in the non-use of specialized companies, resilience to incidents, insufficient investment in cybersecurity and the preparation of specialists, among others.

About the current panorama of cybersecurity on an international scale we will be speaking with Daniel Ramos Fernández, director of digital business at the Cuban Telecommunications Company (ETECSA) and expert in computer systems and cybersecurity.

DRF: The cybersecurity forecasts for this year, presented by the Russian cybersecurity company Kaspersky in December 2022, have generally been met after the third quarter of the year. Data breaches from public service providers, politically motivated cyberattacks, and the theft of personal and medical data have all had an impact on the present.

Ransomware has been one of the biggest threats to businesses. Among the main concerns are the theft or leak of information, the insufficient budget allocated to the cybersecurity area and the search for effective security solutions.

In mid-September, several media outlets reported on a large-scale cyberattack that affected public and private entities in Colombia, Chile and Panama. The center of the incident was IFX Networks, a multinational telecom, data center and IT solutions company. In Colombia alone, it affected the information systems and the operation of service platforms in over 40 public entities in the legal, culture, health, agriculture and foreign trade sectors, the latter affecting the country's exports.

Recently, the National Customs Service of Chile reported a cyber-attack on its computer devices, which affected the interaction of importing and exporting users from that country with the customs service. Cyberattacks have also been reported to the data center of the Air Europa company, to the American company 23andMe, specialized in carrying out genetic studies, to the site of the General Directorate of Migration of the Dominican Republic and that of the Seville City Council.

Data from Kaspersky's recent Threat Outlook reveals that the rate of malware attacks against computers in Latin America remained stable over the past year relative to the previous year. In total, 1.19 billion blocks were recorded, representing an average of 37.9 attack attempts per second in the region. Brazil has been the main target of these attacks, registering an average of 1,515 blocks per minute, followed by Mexico (275), Colombia (117) and Peru (107). The most attacked sectors were government entities (15.49% of infection attempts), agriculture (11.82%), retail/wholesale trade (11.55%), industry (8.57%), education (6.92%), health (5.28%), IT/Telecommunications (4.55%) and financial and insurance (4.55%).²

OPS: What are the main causes?

DRF: Among the main threats detected, the use of products that contain some type of malware stands out, in addition to not having the corresponding corrections or security patches to address vulnerabilities that cybercriminals could take advantage of. In Latin America, 66% of the software used is pirated, almost double the world average of 35%.

There are also malicious programs that display unsolicited advertising, fake addresses, malicious PDF files and Trojans. The techniques used by cybercriminals are always the same: a fraudulent message to take victims to a fake website, emails with a malicious file attached to infect the device, and infections while browsing.

OSP: And the Cuban panorama, how do you assess it?

DRF: In our country, the number of incidents so far this year has grown in relation to the same period in 2022. The main causes are associated with the occurrence of cyber denial of service attacks (DoS/DDoS), the sending and receiving of unwanted emails (SPAM), malicious traffic generated by malicious code, scans of services and exploitation of vulnerabilities that have compromised websites and other computer elements and in the case of natural persons, cyberbullying, identity theft, and scams through digital social networks and electronic payment channels. There have been cyberattacks for political reasons, which fundamentally modify the look of the website totally or partially.

Despite the country's economic limitations, work is being done to strengthen cybersecurity in strategic sectors and activities, improve incident management, increase the level of preparation of directors and specialists and increase communication actions to impact discipline and the prevention of risks in the appropriate use of Information and Communication Technologies (ICT) in natural persons.

Highlights:

¹ Type of cyber-attack in which criminals encrypt a victim's files or computer systems and then demand a ransom to provide the key or tool necessary to unlock the files or systems.

² https://latam.kaspersky.com. Kaspersky Threat Landscape.

Translated by Sergio A. Pabeque Díaz / CubaSí Translation Staff