Latin America represents the largest conglomeration of states that jointly show remarkable economic growth. With Mexico, Brazil, Colombia, and Argentina leading by example, Chile, Venezuela, and Peru have also shown considerable promise.
Against the backdrop of the world economy, Latin America has quietly but steadily performed. The region has thus attracted the attention of the world, and of hackers as well. This blog post gives an overview of the specific incidents SOCRadar observed in the region in 2021.
1- Ploutus Variant Targets ATMs in Latin America
Over the last eight years, organized criminals seeking to “jackpot” the machines have persistently targeted ATMs across Latin America. Ploutus, one of the most sophisticated ATM malware families worldwide, is back with a new variant focused on Latin America.
Spotted for the first time in 2013, Ploutus allows criminals to drain ATMs by taking advantage of ATM XFS middleware vulnerabilities via an externally connected machine. Since its first detection, Ploutus has evolved to target various XFS middleware models, centering on banks across Mexico and Latin America.
2- Brazilian-based JBS Falls Victim to a Ransomware Attack
The world’s largest meat processing company, Brazilian-based JBS, was the victim of a ransomware attack. The attack, attributed to the Russian-speaking cybercrime group REvil, shut down facilities in the United States, Canada, and Australia. The ransom payment was reportedly made using Bitcoin after plants had come back online.
3- A Database Including PII of Argentinian Citizens On The Dark Web
A threat actor compromised Argentina’s Registro Nacional de las Personas, the national agency responsible for the registration and identification of all citizens, stealing the personal information of all Argentinians.
The database is now being offered for sale privately in criminal circles. The breach targeted the government’s IT networks to access the database, also known as Renaper. The agency issues national identification cards, and other government agencies can query its database.
Government officials stated that the attackers used a valid user account to access the database rather than exploiting a vulnerability. The first indications of the breach came in early October, when a Twitter account posted ID card photos and other personally identifiable information about 44 famous Argentines, including President Alberto Fernández and soccer stars Lionel Messi and Sergio Aguero.
4- Insurance Industry Under The Threat of Ransomware
Porto Seguro, Brazil’s third-largest insurance firm, leads the car and residential insurance divisions, with roughly 10 million customers throughout its numerous business lines, including credit financing. The corporation is located in São Paulo and employs more than 13,000 people across Brazil and Uruguay.
On October 14, the company notified the Securities and Exchange Commission (SEC) of the incident, stating that it “promptly activated all security protocols” and that it has been gradually rebuilding its operating environment and striving to resume regular business as soon as possible.
Porto Seguro did not provide any additional information on the type of incident it had experienced but did say that no data leakage had been discovered regarding the company, its subsidiaries, customers, or partners, including any personal information.
5- Mexico Suffers From Data Breaches
On January 23, the Network in Defense of Digital Rights (R3D), a Mexican organization dedicated to defending human rights in the digital world, announced a significant data breach.
In a press release, R3D reported that databases of private banks and Mexican companies were put up for sale on a dark web forum on January 22. The banks concerned are the Spanish firms Santander and BBVA. The database of the Mexican Institute of Social Security was also breached.