Latin America. The rampant abuse of zero-day vulnerabilities over the past six months has led to a 143% growth in the number of victims, according to the company Akamai.
Geographically, Latin America and the Caribbean is one of the regions with the highest incidence of cyberattacks in the world; in 2023 it became the fourth most attacked region, according to IBM's X-Force Threat Intelligence Index 2024 report.
Sectors such as Finance, Insurance and Retail ranked first as the most attacked industries, with 25% each. Data from several cybersecurity firms highlights that the region receives more than 1,600 cyberattacks per second.
Oswaldo Palacios, Senior Account Executive at Akamai, said: "A ransomware attack begins when phishing emails manipulate users into downloading and executing a malicious attachment. The weakest link in a security system is not a hidden flaw in the computer code, but a person who does not check the origin of an email," he says.
Akamai's research, Ransomware on the Move, reveals that victims of various ransomware groups are nearly six times more likely to suffer a subsequent attack within three months of the initial attack. It's a race against time for organizations to close gaps in their environment due to the likelihood of being attacked by another group.
Hence the importance of implementing a cybersecurity strategy accompanied by a microsegmentation approach, highlights Oswaldo Palacios, who recalls that a well-known Latin American bank was the target of a cyberattack that it managed to contain.
According to the forensic analysis, it was a type of ransomware with which he apparently sought to extort some money from the financial institution. Therefore, in compliance with cybersecurity protocols and best banking practices, we proceeded preventively and responsibly to isolate the affected servers and disable all operating systems.
Its quick action allowed it to avoid affecting the data and resources of customers and the institution itself. Oswaldo Palacios explains that ransomware attacks are complex: infiltrating the system is just the beginning.
To maximize the damage, an attacker must also distribute their malicious payload across the network before beginning the encryption process. If only one computer is encrypted, the attacker will not have reached the impact needed to demand a ransom.
For the ransomware attack to bear fruit, the attacker must follow several steps: detect network assets, move laterally, among others; This process is often referred to as the ransomware kill chain.
"Each step gives security teams the opportunity to block and detect associated malicious activity. With the help of microsegmentation, security teams can use mitigation measures at every step of the ransomware kill chain to stop attackers and detect any anomalous behavior."
Effective Containment with Microsegmentation
The early and effective implementation of a cybersecurity strategy with the best cybersecurity solutions allowed the banking institution to have deep visibility into east-west traffic for critical banking applications and the ability to reduce risk by applying microsegmentation.
For banking and financial institutions, a new software-defined segmentation approach is essential to lessen threats and simplify ongoing policy management for critical applications and payment systems such as SWIFT.
"Microsegmentation provides deep visibility into applications and flows and implementation of policies at the network and individual process level to isolate and segment critical applications and infrastructure," says Oswaldo Palacios.
A microsegmentation solution monitors all network communications and has built-in detectors that identify and alert on such scans, helping to stop the spread of malware before it starts. It also blocks and detects attacks on local network protocols.
Oswaldo Palacios points out that if the ransomware attack on the Latin American bank had taken place, the consequences would have been regrettable, ranging from slowness, intermittency or complete lack of operation in critical applications, as well as the loss of customers, reputational damage, economic penalties and hard work to return to normal operation by having to reinstall and configure servers from scratch.
In addition, it is very likely that the account holders' data would have ended up for sale on the dark web.
Finally, the Akamai specialist reiterated that microsegmentation is becoming an increasingly important tool for IT security teams that face the challenge of keeping security policies and compliance in line with the rapid pace of change in today's dynamic data centers and cloud and hybrid cloud environments.
