June 04, 2024
Few things make my eyes sparkle like talking about Latin America. Back in 2018, I had the privilege of being able to travel and hitchhike there for more than three months and discover its beautiful lands and people. Ever since, I’ve been dreaming about going back to enjoy breathtaking views and the best empanadas of my life, and my friends are well aware of that―I haven’t talked about anything else since I’ve come back to Europe!
Now I can’t go back there for obvious reasons, so the only way I can still talk about Latin America is through my job. That’s why today I’ll be analyzing the main cyber threats to Latin American (LatAm) financial services. This is a crucial sector for the present and future development of this region.
The population’s reliance on financial services for day-to-day activities contributes highly to this sector’s importance. Also, as we’re all well aware, financial services is one of the sectors most targeted by threat actors, because of the high rewards associated with a successful cyber attack.
The cyber threats to the financial services sector are similar all over the world. However, every region (every country, to be honest) has its own peculiarities that need to be taken into account when drafting a comprehensive analysis. For example, institutional fragilities, such as the lack of cybercrime legislation, joint law-enforcement actions, and international cooperative frameworks, turn this region into an attractive target for cybercriminals.
Additionally, political factors, such as dire socioeconomic inequality and booming Internet use, all help make this region particularly fertile for money laundering, carding, and financial malware, among other prevalent activities.
There’s a lot to talk about so, without further ado, ¡vamos a investigar!
Trends in LatAm cybercrime are tied to rapid digitalization and weak cyber-security governance models that paved the way for opportunistic threat actors.
The main likely threats to financial services organizations are ransomware-based extortion and compromise via initial access brokers (IABs), banking trojans, and fraud and social engineering campaigns.
Let’s cover those threats in detail!
In the past year, we’ve extensively covered the ransomware threat in all its forms. For example, we’ve monitored the development of the ransomware-as-a-service model, we’ve provided quarterly updates on its evolution, and we’ve discussed rebrands and affiliate schemes.
In 2021 alone, Digital Shadows (now ReliaQuest) reported ransomware attacks affecting more than 100 organizations operating in Latin America. Figure 1 shows the number of attacks across all sectors, and includes all the victims that have been named on data-leak sites.
Ransomware operators gain access to organizations in a variety of ways; one of the most prevalent we’ve observed is via initial access brokers (IABs). Ransomware gangs are increasingly using IABs’ advertisements to efficiently find and infect new victims, scaling up their malicious operations.
In 2021, Digital Shadows (now ReliaQuest) reported more than 60 IAB advertisements of access to LatAm organizations. The average price was $1,464 and Brazil was the most targeted country, closely followed by Argentina and Chile.
Social engineering campaigns, such as phishing, business email compromise (BEC), and smishing, are an evergreen choice for cybercriminals to gain an initial foothold in an organization’s network. Whether criminals are looking to gain access to a victim or extract personally identifiable information (PII) or financial data, social engineering is traditionally one of the most reliable methods. And the phishing threat is ever more pressing in regions like Latin America, where cyber-security awareness is not widespread and the population is more vulnerable to such attacks.
In a recent blog, the Phight against Phishing, one of our analysts painted an in-depth picture of the various shapes this social-engineering threat assumes, and how to best defend against it. Phishing using email or domains that mimic an organization’s assets is often the most popular, and dangerous, method. These campaigns are often simple to conduct, involve few overhead costs, and elicit increasingly high payouts. Why would a threat actor not conduct them?
A few years ago, banking trojans and other malware were among the major cyber threats worldwide, but they’ve been replaced by other threats recently. However, these tools are still extremely popular in Latin America and present a significant threat to its financial services sector.
Threat actors frequently deploy banking trojans to steal bank-account and payment-card information. Although heavily used against banking entities, these trojans have also targeted payment-card providers, mobile-service providers, payroll-service providers, webmail, and e-commerce organizations. In other words, everything that may lead to an illicit financial gain for threat actors.
Banking trojans are usually spread via email phishing and spam campaigns that deliver malicious documents, eventually resulting in the trojans’ deployment. Once a victim’s network, system or device has been infected, any transactions conducted while the malware is active could be compromised.
Harvesting financial information and credentials can open the door to many other cyber attacks, making it one of the most profitable actions a threat actor can perform.
Latin America has significant peculiarities as a threat actor target. Compared to other regions in the world, cybercrime is a much more pressing threat here than foreign advanced persistent threat (APT) groups. And as I mentioned, the combination of this region’s political/economic instability and organized crime groups has made Latin America a ripe environment for opportunistic, financially motivated cybercriminals.
Organized crime groups and drug cartels have been quick to exploit some of this region’s endemic weaknesses, setting up profitable schemes and targeting vulnerable groups.
Along with conducting the cyber activity described in the section above, cybercriminals are closely working with other crime groups to launder money obtained via illicit means by using cryptocurrency mixers.
Cyber attacks by APTs are sporadic and unlikely to target private organizations operating in Latin America. However, Microsoft recently reported on a China-based threat actor dubbed NICKEL targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, likely for cyber espionage purposes.
Additionally, some APT groups’ preference for supply-chain attacks means LatAm private organizations can be indirectly affected: Their suppliers’ networks can be compromised via exploitation of issues in hardware, software, or firmware. This could lead attackers to gain access to third-party companies and access sensitive information or pivot to other systems.
Building a thorough threat model for your organization is crucial to strengthen your security measures. Although the threats described above cover the main risks of operating in the Latin American financial services sector, every organization needs a tailored outlook of its main threats based on its assets, resources, and capabilities.
Here are some general mitigation techniques to help limit the impact of malicious activity in this sector:
If you’re interested in knowing more about your organization’s risk exposure across the open, deep, and dark web and technical sources, as well as the cyber-threat intelligence solutions from Digital Shadows (now ReliaQuest), get a customized demo of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here. You’ll learn about any impersonated domains or phishing schemes targeting your company’s name and brands, as well as exposed PII or other data, to help shrink your attack surface online.