Mexico Records 40.6 Billion Cyberattacks Attempts in 1H25

Mexico’s information technology (IT) and operational technology (OT) are facing a growing number of cyberattacks, positioning the country as a primary objective for malicious actors in the region, reports Fortinet.

The growing number of attacks is being driven by the prioritization of industrial systems as targets for data extraction and operational disruption. “OT environments are not collateral damage, they have started to become primary targets. Cybercriminals are using advanced persistent threats (APT) aimed at industrial networks not only to steal data but also to disrupt critical services, demand ransoms, or embed themselves for future exploitation,” reads Fortinet’s 2025 Global Threat Landscape Report.

During the first half of 2025, Mexico registered 40.6 billion cyberattack attempts. This figure places the country second in the region, according to data from Fortinet’s threat intelligence and research lab, FortiGuard Labs. The company reports that Latin America collectively accounted for 25% of all global detections during this time.

This volume of malicious activity is characterized by a more methodical approach. Instead of executing broad, indiscriminate campaigns, threat actors invest significant resources in reconnaissance phases. FortiGuard Labs detected 17 billion active scans in Mexico between January and June 2025, a rate of 36,000 attempts per second. This intelligence-gathering phase allows them to identify vulnerable services. Attackers then use AI based tools to automate the process from initial intrusion to the final system exploitation.

Critical infrastructure networks have become particularly attractive to ransomware groups, which have transitioned from data kidnapping to service hijacking. For the second consecutive year, the manufacturing industry stands as the most targeted vertical. Adversaries now calculate the precise financial impact of a production line delay, incorporating this variable into their extortion models. Industries such as telecommunications, health, and financial services are also experiencing a rise in personalized cyberattacks, where adversaries deploy exploits designed specifically for each sector’s vulnerabilities.

AI is also reshaping the threat landscape. Offensively, attackers employ custom AI tools like FraudGPT and WormGPT to generate highly credible phishing emails, map attack surfaces, and automate large-scale social engineering campaigns with speed.

On the other hand, organizations like Fortinet are integrating both discriminative AI to detect new malware and Generative AI to optimize responses. Generative AI can summarize and prioritize security alerts, accelerate analyst development, reduce operational fatigue, and help decrease the mean time to respond to incidents. In environments where qualified personnel are limited, AI-powered threat intelligence can have a significant impact on threat detection and neutralization.

The modernization of industrial environments, driven by the adoption of the Industrial Internet of Things (IoT), 5G, private cellular networks, and direct-to-cloud management models, amplifies cyberrisk by expanding the attack surface. To mitigate these risks, Fortinet Labs urges companies to:

1. Close fundamental security gaps: This includes strengthening multifactor authentication (MFA), changing default credentials, implementing strict identity controls, and conducting regular external attack surface assessments.

2. Invest in threat-informed security operations (SecOps): Organizations should create response playbooks aligned with the MITRE ATT&CK for Industrial Control Systems (ICS) framework. They should also use deception technologies to detect lateral movement across the network and integrate threat intelligence with logging and analytics platforms.

3. Plan for contingency: It is crucial to conduct periodic incident simulation exercises, train teams to detect phishing, and AI-generated threats and establish an incident response plan that involves both IT and OT teams.