A recent cyberattack that hit government websites in Brazil, including platforms that track vaccinations and epidemiological data on COVID-19, has stoked concerns about a surge in ransomware attacks on critical infrastructure in Latin American countries.
The series of attacks, which occurred throughout December, compromised the Ministry of Health's portal, including DataSUS, a platform that gathers information on COVID-19 cases and deaths, O Globo reported. The platform remains down and is not expected to be back online until January 15, Health Minister Marcelo Queiroga said. ConectaSUS, the application for issuing vaccination certificates, was also knocked offline for nearly two weeks until being restored at the end of December.
Reuters reported that the hacking collective Lapsus$ Group claimed responsibility for the attacks, leaving a message that said internal data had been copied and deleted. "Contact us if you want the data back," the group said.
The hackers left a message on one government site that made clear the incursions were part of a coordinated ransomware attack. "Let's get a few things straight: our only goal is to get money," the group said in the message, which was quickly removed, according to Brazilian newspaper O Estado de S. Paulo.
Such attacks were a scourge throughout the region in 2021, with criminals making demands on the National Lottery Service and the Ministry of the Economy in Mexico; banks and major news outlets in Chile; and medical centers in Argentina.
InSight Crime Analysis
Brazil's attacks cap off a year in which Latin America has seen an explosion in ransomware attacks, as hackers use new tactics to target critical web infrastructure left unguarded.
"Cybercriminals are using vulnerability scanners," Danny Paton, a cybersecurity expert focused on Latin America and the Caribbean, told InSight Crime. "The process is somewhat automated. Once they find something that's open, they will attack it," he said.
Cyberattacks in Latin America increased by 24 percent in just the first eight months of 2021, according to cybersecurity giant Kaspersky.
Steph Shample, a senior cybersecurity expert with internet security firm Team Cymru, said that the more sophisticated hackers use public information to adjust the vulnerability scanners to target regions and countries where they know protection is lagging.
"Latin America is exploding as far as interconnectivity and with that connection come risks that aren't being addressed," Shample told InSight Crime.
A 2020 study by the International Development Bank (IDB) found that only seven out of 32 Latin American countries have a critical infrastructure protection plan. The IDB defines critical infrastructure as the systems and networks vital to national security, economy, public health and safety.
Mexican cybersecurity expert Hiram Alejandro said that Latin American governments, including Mexico, are even lagging in identifying the institutions they consider critical infrastructure in the context of cybersecurity.
"Without that definition, you don't know what to prioritize," he told InSight Crime. "That's what we're missing. Russia, the United States, Europe, Asia have defined [what's critical] and implemented cybersecurity measures for it."
In 2019 and 2020, Mexico saw high-profile attacks on state-owned petroleum company Pemex and the Ministry of Economy. In both cases, criminals wreaked havoc on the government institutions to extort large payouts.
Cybersecurity firm Intel 471 said insecure critical infrastructure would continue to be an exceptionally "juicy target" for criminals involved in ransomware.
"Let's be serious. There's a lot of ego in cybercrime, and a lot of these guys will want the bragging rights of ransoming an entire country, like Colombia or Brazil," she said. "That gets them money and makes them famous in the underworld."