• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Critical Infrastructure   »   Taking the Fight to Critical Infrastructure Hackers in Latin America

Taking the Fight to Critical Infrastructure Hackers in Latin America

  • Posted on:April 9, 2015
  • Posted in:Critical Infrastructure, Internet Protection, Security, Targeted Attacks
  • Posted by:
    Hernan Armbruster
0

Latin America has one of world’s fastest growing Internet populations. While this is bringing great social and economic benefits to the region, it has also heralded a more unwelcome trend: cyberattacks. The critical national infrastructure (CNI) industry is particularly vulnerable here, with IT managers historically relying too much on “security by obscurity” to keep legacy systems safe. But before we can craft a response, we need to know the scale of the problem and how prepared the region is to defend itself.

That’s why the Organization of American States has teamed up with Trend Micro to produce its Report on Cybersecurity and Critical Infrastructure in the Americas. With it, we hope to gain greater understanding of the threats facing critical infrastructure organizations in the region, in order to mount a more effective fightback.

A tempting target

It’s no surprise that cyber attackers are focusing in on Latin American countries. The trend was documented in our joint report with the OAS in 2013. But as Trend Micro has explained in the past, CNI is particularly vulnerable because of under-investment in security and the increasing volume of at-risk systems now connected to the internet. This isn’t just energy and water companies we’re talking about either, but everything from banks to hospitals, telcos and even food producers. As such, cyber attacks have the potential to wreak huge financial and reputational damage on CNI providers, but in so doing can cause serious economic and social harm to the affected country.

As most critical infrastructure are run by private firms, government-private partnerships on things like information sharing an incident detection are vital to successful cyber security strategies. Governments need to get better at talking to each other too, in order to share best practice. This is especially important given the relative immaturity of the information security industry in this region and the limited budgets available.

The hard facts

The new report canvassed the opinion of heads of security working in critical infrastructure sectors all over the Americas. It found over half (53%) said CNI attacks had increased since the previous year, while 76% said they had gotten more sophisticated. Government (51%) and Energy (47%) were the most targeted sectors followed by Communications (44%) and Finance (42%).

The majority of Latin American countries including Argentina, Brazil, Chile, Mexico and Peru said attacks had specifically targeted industrial ICS/SCADA equipment. These attacks will only increase as organizations get better at detecting them and more and more systems are connected to the internet – increasing their risk exposure. More worrying still, only one country in Latin America, Chile, said it felt fully prepared for a cyber incident, and just three said budgets had definitely increased over the past year.

Reducing SCADA risk

Organizations in Latin America are being targeted with the same array of worms, Trojans, browser exploits, hacking tools and more as their counterparts in other regions. But unpatched systems, poor removable device security and reckless user behavior are making the bad guys’ job even easier.

Not every critical infrastructure attack will be aimed at ICS/SCADA systems. In fact, information stealing (60%) was experienced by more respondents than control system attacks (54%). However, industrial control systems are particularly vulnerable.

With that in mind, here’s a brief security check list for CNI firms running ICS/SCADA:

  • Deploy anti-malware software throughout as much of the ICS environment as possible
  • Using a “bastion host” to prevent unauthorized access to secure locations throughout the ICS environment
  • Apply app whitelisting throughout to prevent unauthorized applications from running
  • Deploy a breach detection system
  • Enable a USB lockdown on all SCADA environments, to stop malware from physically entering
  • Deploy basic security measures such as firewalls/IPS, between the business network and the ICS network.

 For more information, please visit our website here.

Related posts:

  1. Understanding the Attack Surface for Critical Infrastructure
  2. Trend Micro at RSA 2016: Taking the Fight to the Hackers
  3. Latin America leads worldwide IT growth
  4. Hackers found using BlackEnergy malware to target critical infrastructure

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.