Latin America Threat Landscape: The Paradox of Interconnectivity
Updated: Oct 8
By Beatriz Pimenta Klein & Yelisey Boguslavskiy
This Research is the first part of the AdvIntel LATAM Series.
Cybercrime is an all-encompassing phenomenon, affecting both private and public domains. Cybercriminals are not only looking for financial advantages but attack geostrategic structures to provide nation-state interests. Due to the diffuse nature of threats and actors, as well as their purposes, cybercrime affects different regions in distinct ways. Latin America, as such, has a unique cybercrime threat regional profile, as the socio-economic challenges that affect the region uniquely shape the experiences of its cyber domain.
When describing the Latin American cybercrime threat landscape, one factor is especially important: the nexus between economic development, digitalization, governance, and crime. Latin American states struggle with poverty and inequality; they are still identifying their places in the global economy and supply chains; institutional-building is still a work in progress. Naturally, the institutional fragilities - the lack of cybercrime legislation, proper cyber law enforcement, technical expertise, international legal cooperation - all result in impaired cybersecurity governance. This in turn attracts cybercriminals who believe the region to be an easy target.
In this threat survey, we will examine how such fragilities as well as regional points of resilience determine the cybercrime ecosystem. Case studies of five Latin American states were selected due to their prominence and sub-continental representativeness: Brazil, Chile, Colombia, 3 representatives of South America; Panama - Central America; and Mexico - North America.
The Cause and Cost of Cybercrime
Beyond cultural, ethnical, and idiomatic similarities, another reality connects Latin American countries: dire socioeconomic inequalities. According to the GINI index, which measures income distribution, the five countries analyzed here are among the 10 most unequal states of 2018. Moreover, four other countries in this top-10 list are also Latin American. Although these nations experience robust economic growth, they provide unequal opportunities to their citizens, which naturally increases crime levels.
These socio-economic inequalities translate into traditional crime groups recently resorting to emerging digital technologies. For instance, drug cartels in Latin America profit from the lack of governmental expertise to tackle cybercrime to advance profitable transnational illicit activities, primarily money laundering. This defines the region’s threat landscape as the alliance between traditional crime, money laundering, and carding, turning financial cybercrime into the dominant trend in Latin America. As a result, cryptocurrencies-based money laundering schemes, carding, fraud, and financial malware form a complex tendency, while the banking and financial sector suffers as the main victim. As it will be demonstrated further, even nation-state APT groups, such as North Korean APTs are aiming at Latin America primarily through this prism of finance-targeting crimes.
At the same time, Latin America is a rapidly developing region accumulating wealth and economic power. Despite the above-mentioned development fragilities, many countries in the region, in the past 20 years, enjoyed economic progress that translated into the social ascension of lower-income classes. These circumstances enabled once poverty-stricken citizens to now access banking systems and sophisticated payment technologies. As a result, the expansion of financial technologies and the accumulation of wealth is also an important factor that plays a role in the rise of cybercriminal activities, especially related to financial crimes.
The annual cost of cybercrime in Latin America mounts up to $90 billion USD each year. For instance, Brazil scores the 2nd in the global ranking of largest cybercrime-related financial losses. Latin America registered an astonishing 33 cyberattacks per second in 2017. The targets of such attacks are most often banking institutions, retail, and telecommunications companies.
It is important to note that this vulnerability to cybercrime is especially critical to a developing region such as Latin America. The $90 billion USD annually lost to cybercriminals could be invested in any underprivileged area. For instance, the Inter-American Development Bank (IDB) states that this money could potentially quadruplicate the scale of regional scientific research, which would immensely contribute to their regional development.
The Paradox of Interconnectivity
As reported by the World Bank, the percentage of citizens who had access to the internet in 2000 was the following:
In 2018, the reality was radically different:
It is clear that a quick digital social inclusion took place in the region; even though these percentages are still far from those observed in developed countries, whose levels are all above 80%. ICTs and especially Internet technologies are only beginning to entrench; consequently, the governance of the digital domain is only developing.
The Network Readiness Index (NRI) that measures the propensity of a country to explore the opportunities offered by ICT, offers the following ranks for our five countries: out of 121 countries ranking, in which the 1st country is the best performer (has the most seamless integration) and the 121th the worst, in 2019 Chile scored 42th; Mexico, 57th; Brazil, 59th; Colombia, 69th; and Panama 74th.
2019 NRI scores by region. In terms of governance (regulation, inclusion, and trust), the Americas’ results are only better than Africa and the Commonwealth of Independent States.
As illustrated by NRI, the digital domain is quickly evolving in the region; however, if this positive development does not follow the design of a robust governance model it may turn into an unregulated space with extremely dangerous potential: increasingly severe cybercrime.
Diving in this cybersecurity aspect of ICTs, we investigate the findings of the Global Cybersecurity Index (GCI) - an initiative of the International Telecommunications Union (ITU). This index aggregates legal measures, technical measures, organizational measures, capacity building, and cooperation (international agreements, fora; public-private partnership, inter and intra-agency cooperation); providing a general framework on weaknesses and resilience aspects of national approaches to cybersecurity.
2014 Cybersecurity Index Performance of American countries. The scores range from 0.0 to 1.0; being 0.0 the worst score and 1.0 the best.
In 2018, the GCI found that only Uruguay integrally demonstrated a high level of policy commitment towards cybersecurity resilience; all other Latin American countries scored medium level, with several Central American countries scoring on the low level on the commitment scale line. Within the Americas, in 2018 Mexico scored 4th; Brazil, 6th; Colombia, 7th; Chile, 9th; and Panama, 13th. However, in a global rank, these countries stand between the 60th and 100th place (out of 121 places, which means a suboptimal performance).
The data obtained from the NRI and the GCI illustrate the positive and negative power of digital technologies. Moreover, the GCI reveals the attitude towards cybersecurity policy present across major regional states: these countries are not properly relying on international and public-private cooperation to face the challenges presented by ICTs. This highlights the lack of proper cybersecurity governance in the region, which is indispensable for a sustainable safe cyber environment for users, companies, and governments.
At the same time, the two indexes illustrate the genesis of cybercrime in the region. Cybercrime features in Latin America are specific: they are mainly related to the socio-economic vulnerability which renders criminal activity as a highly common phenomenon across the subcontinent. Given the availability of such digital technologies, traditional criminal groups decided to recur to cyber tools of a poorly regulated digital domain to obtain financial advantages.
In other words, cybercrime in Latin America is defined by the continental development fragilities - rapid digitalization with only emerging regulation and adaptation to new technologies. This vacuum of power and authority created by the novelty of expanding ICT attracts the most initiative and active actors such as traditional crime groups. As a result, threat actors find numerous loopholes in both digital and social infrastructures and are thus motivated to almost unreservedly engage in cybercrime activities.
Building Resilience and International Collaboration
Solid long-term resilience factors are also present in the region. The abovementioned figures illustrating the rapid change in regional digitalization and the damages inflicted by cybercrime on Latin American economies resulted in diverse regional responses. There are initiatives led by different international organizations. Vivid examples are the Organization of American States (OAS), the ITU, and the IDB, that foster the implementation of a cybersecurity culture in Latin America. These organizations are funding programs and sharing their reliable expertise to stimulate the creation of safe cyberspace based on good governance.
The OAS has been a prominent actor in the region, introducing best practices and implementing national cooperative measures to anticipate and respond to potential cyberattacks in the Americas. The Organization adopted the Comprehensive Inter-American Strategy to Combat Threats to Cybersecurity in 2004, and this document has been a guide throughout the years to elaborate regional plans concerning cybersecurity.
The strategy was followed by the Declaration on Strengthening Cyber-Security in the Americas, in 2012. This declaration was under the scope of the OAS’ Inter-American Committee on Terrorism, and by this time the organization was more concerned with the pervasive effects of cyber-enabled crimes. Once again this new document stressed the relevance of the creation of national complex networks of incident response teams.
A major achievement of the OAS was the signing of the Inter-American Convention on Mutual Assistance in Criminal Matters, a convention with strong potential to function as a mechanism to fight cybercrime in the continent. This specific agreement is deeply relevant because cybercrime disregards national borders, hence international cooperation based on information sharing is vital to increase States’ capabilities to investigate cybercriminal incidents.
Since 2004, the OAS has also been encouraging member states to implement the principles of the Budapest Convention on Cybercrime, and also to commit to this treaty. This Convention serves as an outline to verify the development of national policies concerning cybercrime. The five countries examined in this piece either already acceded to the Convention or are observers and candidates to the accession. This means that Latin American states are not isolated in the design of their national practices regarding cybersecurity; they are relying on international expertise and experience sharing, which is an important first step towards the implementation of good practices within national borders.
Overall, a preliminary assessment of the role played by the OAS in the continent indicates that the organization’s efforts have been decisive to the advancement of cybersecurity awareness in the Americas. The establishment of regional cybersecurity practices in the continent under the scope of this international organization, which holds authoritative legitimacy and moral authority, promotes a safe path to the evolution of national and regional policies with respect to cybersecurity.
Latin American Cybercrime Trends = Rapid Digitalization + Weak Governance
Currently, the trends in Latin American cybercrime are linked to the rapid digitalization and weak cybersecurity governance models, encompassing the link between drug cartels and hackers. The major trends are carding, cryptojacking, and BINero fraud.
Carding is especially common across Latin America, though it is not always technologically sophisticated. For instance, gas station workers illegally collect their client’s credit card info and provide the data to criminal organizations.
Cryptojacking, or a malicious crypto mining, is when the victim’s device is used to mine cryptocurrencies without the knowledge of the user.
And last but not least, the BINero Fraud is when criminals find BINs (bank ID number) incorrectly validated by online payment processors and proceed with online purchases.
Currently, cryptocurrency-related crimes are distinctly common across the continent. Cryptocurrencies are especially compelling to criminals due to two reasons: the lack of a central banking authority and the idea of untraceable, unregulated money transfers. Usually, the legitimate exchange of cryptocurrencies is under the auspices of policies such as know-your-client (KYC) and anti-money laundering (AML); however, Latin American countries are only just developing regulations for these matters. Consequently, the region is of great interest for money-launderers and other cybercriminals dealing with cryptocurrencies. An example of this reality is that the P2P LocalBitcoins exchange point service platform registered a record increase in volume transactions between 2019 and 2020.
Along with cryptocurrency’s lack of regulation comes the lack of law enforcement. This allows cybercriminals to feel confident and execute their transactions through open code platforms such as WhatsApp, Facebook, and Telegram – sometimes not even hiding their identities. These platforms are accessible tools used by cartels, in which they can negotiate new fraudulent transactions directly with hackers.
Malware trends are also in line with the general vector of LATAM cybercrime - financially exploiting the emerging digitalization. In the past and current year it has been observed that 5 malware variants stand out: Catasia; Cosmic Banker; Trickbot; Phobos, and Ryuk - all five being either banking trojans or ransomware variants. Moreover, Ryuk was appointed as the last step in attacks that begin with the use of the malware Emotet, which would deliver the Trojan Trickbot - that provides the information for the employment of Ryuk.
As such, banking trojans & ransomware as well as fraud schemes are the biggest threats in the region. This data reinforces our survey’s main point that LATAM cybercriminals focus on financial crimes (be it understood under the nexus drug cartels X hackers or not) by exploiting the poor Latin American cybersecurity governance. To illustrate this point, five specific case studies are offered.
From the early 2000s to 2014, Brazil enjoyed substantial economic growth, which resulted in the decline of poverty and social progress as well as rapid internet dissemination among the Brazilian population.