
Welcome to the CISO Brief of SOCRadar’s LATAM Threat Landscape Report!

Latin America’s threat environment is driven by large-scale data leaks, access brokerage, and diversified ransomware activity. Threat actors prioritize monetization through bulk database sales, credential harvesting, and encrypted phishing infrastructure. The CISO Brief of SOCRadar’s LATAM Threat Landscape Report gives security leaders operational visibility into the dominant underground trends shaping the region, enabling proactive defense and faster incident response.

Download the full report today to gain a clear view of the cyber risks impacting organizations across LATAM.

Key Cybersecurity Insights for Security Leaders

  • Selling Dominates the Underground Economy: 62.37% of dark web activity centers on selling compromised data or access, confirming a supply-driven ecosystem.

  • Data Leaks Are the Core Commodity: Data and database-related posts account for 72.61% of activity, reinforcing that bulk data exposure fuels regional cybercrime.

  • Access Brokerage Remains Significant: 24.30% of posts involve access-related listings, providing entry points for ransomware and secondary attacks.

  • Ransomware Is Fragmented and Unpredictable: Qilin leads at 12.4%, followed by Akira (6%) and SafePay (5.8%), while 75.9% of attacks are distributed across numerous smaller groups.

  • Phishing Exploits Brand Trust: Netflix-themed lures represent 14.17% of phishing page titles, alongside betting platforms such as 1xBet and generic templates like “Account Suspended.”

  • HTTPS Strengthens Phishing Credibility: 73.4% of phishing pages use HTTPS, leveraging trusted indicators to increase credential theft success.

Why This Report Matters for CISOs

LATAM’s threat landscape reflects high-volume data monetization combined with distributed ransomware operations and scalable phishing infrastructure. The dominance of data leaks and access listings demands continuous dark web monitoring, stronger access governance, and enhanced detection of encrypted phishing domains. CISOs must prioritize intelligence correlation, proactive exposure management, and resilience planning to reduce dwell time and prevent escalation into large-scale operational disruption.