Malware Variants Target Latin American SME

Despite increasing their cybersecurity budget by 16%, SMEs remain vulnerable to the economic and reputational consequences brought about by sophisticated cyberthreats. According to Kaspersky, these losses amounted to as much as US$155,000 per incident in 2022, underscoring the urgent need to address the growing number of cyberattacks registered per day by multiple companies. 

According to IQSEC, malware variants such as ransomware, spyware, botnets and wiper attacks have seen a 175% increase in the past five years. This phenomenon poses a growing threat to Mexico’s 4.2 million SMEs, which collectively contribute 52% to the country’s GDP and are responsible for generating 43% of the country's employment, as reported by INEGI. 

Malware threats are undergoing rapid evolution, becoming increasingly sophisticated, which poses a greater challenge to combat effectively. For instance, ransomware-as-a-service tools are exhibiting progressive precision, augmenting their success rates. Moreover, cybercriminals are exploring new mediums to exploit, including mobile applications, stealing information and impersonating identities via cell phones.

According to a study led by Fortinet, Mexico experienced 14 billion cyberattack attempts in the 1H23, representing nearly 25% of 63 billion incidents registered in Latin America. This onslaught made Mexico the second most targeted country in the region, following Brazil with 23 billion registered cyberthreats. 

"Although the diversity of malware attempts are already very well-known by incident response teams, cybercriminals combine several techniques to ensure their success. For example, Welivesecurity recently discovered a variant of botnets that infects multiple computers to control them remotely, which was combined with a Trojan horse to obtain banking credentials in Latin America," says Manuel Moreno, Director of Security Sales Enablement, IQSEC.

In fact, Latin America has seen a substantial rise in wiper executions. This type of malware is often designed to delete or destroy data on a computer system, meant to disrupt businesses operations and steal confidential information. Moreover, wiper malware tends to hide itself from antivirus software by targeting specific IP addresses or network ranges. Its incidence has increased in key sectors operating within Latin American countries such as technology, manufacturing, government, telecommunications and healthcare. 

In order to bolster companies’ cybersecurity measures, IQSEC recommends adopting a Managed Detection and Response security service, which effectively encompasses prevention, remediation and eradication by inhibiting known attacks and content encryption. "An MDR service covers everything from the essentials, such as component health and threat hunting. In addition, it offers endpoint protection technologies such as ransomware protection, which can help SMEs stay one step ahead of cybercriminals," added Moreno.

This cybersecurity measure can provide SMEs within Latin America with a crucial edge over cybercriminals and competitors in the battle against malware variants, ensuring the integrity of their operations and data in an increasingly perilous digital world.