Latin America Receives 9% of All Cyberattacks: IBM
By Diego Valverde | Journalist & Industry Analyst
Thu, 03/05/2026 - 09:30
Latin America is now the target of 9% of all cyberattacks, reflecting intensified automated exploitation, credential theft, and shadow AI risks, according to IBM. For Mexico, the trend heightens exposure across financial services, energy, and manufacturing, where legacy systems, IT-OT convergence, and complex supply chains challenge regulatory compliance, digital resilience, and enterprise risk management.
Latin America remains the fifth most targeted region globally, accounting for 9% of all observed cyberattacks between 2024 and 2025. This increase is driven by the automated exploitation of publicly exposed applications, the use of legitimate tools for intrusion, and a significant rise in credential theft targeting AI platforms.
"The democratization of technology through AI allows attackers to re-scan and exploit critical software vulnerabilities from as far back as 2010," says Rodolfo Manzi, Security Services Leader, IBM Mexico. "Organizations struggle to patch systems at the same velocity that threat actors deploy automated tools to identify these unaddressed security gaps."
In previous years, Latin America consistently held the fifth position in global attack volume. However, the proportion of total attacks rose from 8% in 2024 to 9% in 2025. According to IBM’s X-Force Threat Intelligence 2026 report, four primary vectors now dominate the landscape, each maintaining a 25% effectiveness rate: exploitation of public applications, use of valid accounts, compromise of remote services such as VPNs, and supply chain intrusions.
A notable shift in methodology involves the use of legitimate administrative tools for malicious purposes. About 33% of detected incidents involved attackers utilizing software already present in the corporate environment, such as Microsoft Teams or various scripting tools. This strategy allows threat actors to blend into internal processes, making detection and control significantly more difficult for cybersecurity departments.
Industry Focus and the Resurgence of Vulnerability Exploitation
The financial and insurance sectors continue to face high levels of targeting, but the energy and manufacturing industries have seen a sharp increase in activity. These sectors accounted for 47% and 27% of major incidents, respectively. The convergence of Information Technology (IT) and Operational Technology (OT) has expanded the attack surface, particularly in manufacturing.
Data from IBM indicates a 44% increase in the exploitation of software vulnerabilities. While "zero-day" vulnerabilities often receive the most corporate attention, threat actors are increasingly focusing on "n-day" vulnerabilities, known flaws for which patches have existed for years. In the manufacturing sector, updating legacy systems is often technically difficult or operationally disruptive, creating a window of opportunity for attackers.
Between 2024 and 2025, the number of identified vulnerabilities rose by 13,000, reaching a total of 40,000 within a single year. Attackers calculate the return on investment for their efforts; they find it more efficient to scan for unpatched, decade-old vulnerabilities than to invest resources in discovering new ones.
Supply Chain Complexity and "N-th" Party Risk
The complexity of modern corporate structures has made supply chain attacks a preferred route for intrusion. This type of attack has increased nearly four times in the last five years. Organizations often focus on their own internal security posture but fail to monitor the risks posed by third, fourth, or fifth parties.
"Even if a primary corporation is mature and well-protected, its vendors or service providers may lack equivalent controls," says Manzi. "Threat actors exploit these weaker links to gain a foothold and move laterally into the target network."
This trend is particularly evident in development environments. As Manzi notes, attackers target open-source libraries, such as those found in NPM or Maven, to plant malicious code. When corporate developers integrate these libraries into their projects, they inadvertently carry the threat into the internal environment of the company.
The Emergence of Shadow AI and Credential Theft
AI has introduced new risks, specifically regarding identity theft and data exposure. Research identifies that over 300,000 credentials for AI platforms, including ChatGPT, have been exposed on the dark web. As employees seek to increase productivity, they often use non-sanctioned AI tools, a phenomenon known as "Shadow AI."
The theft of these credentials allows attackers to access sensitive corporate information, proprietary code, and internal tokens. One in six security incidents handled by IBM is now related to the use or compromise of AI. Attackers are also using AI to adapt their tactics in real time. If a specific intrusion attempt is blocked, automated tools can modify the attack pattern instantly to bypass defenses.
The democratization of these tools has also fragmented the ransomware market. In 2024, 10 major groups dominated the landscape. By 2025, that number grew to 109 groups. This 49% increase in the number of active groups is a result of "ransomware-as-a-service" models and affiliate programs. Smaller, less experienced groups can now purchase sophisticated tools and split the profits with the original developers, reducing the technical barrier to entry for high-impact cybercrime.
Strategic Recommendations for B2B Organizations
To address these evolving threats, Manzi urges corporate leadership to focus on four core areas:
- Digital Identity as Critical Infrastructure: Organizations must apply the same level of governance to user identities and AI agents as they do to their physical servers and networks.
- Continuous Vulnerability Management: Relying on monthly patch cycles is no longer sufficient. Companies must use AI-driven tools to scan for and remediate vulnerabilities across the entire attack surface.
- Governance of AI Platforms: Companies should provide sanctioned, secure AI tools to employees to prevent the use of public, unmonitored platforms. This includes implementing strict data classification policies to control what information AI agents can access.
- Cyber Awareness and Education: Security is not solely a technical issue but a cultural one. Regular training is necessary to ensure that employees understand the risks of sharing sensitive data with external chatbots and the importance of multi-factor authentication.
The integration of AI into corporate workflows is advancing rapidly. However, without proper oversight, it extends the attack surface beyond the control of the security department. Organizations must thus accelerate their adoption of secure-by-design principles and expand their risk management to include the entire ecosystem of third-party providers.
"The goal for attackers is to maximize results with minimal effort," says Manzi. "By automating the initial stages of an attack and exploiting the gaps in shadow AI, they are achieving that goal. Organizations must respond by automating their own defenses and securing every digital identity within their network."









