We kick off the year with a detailed analysis of the cybersecurity lessons learned during 2023, courtesy of Erik Moreno, Director of Cybersecurity at Minsait, an Indra company, in Mexico. In this report, Erik highlights the challenges and risks that have marked the cybersecurity landscape, offering a distinctly Mexican perspective on the situation. Critical topics are explored, such as the most vulnerable sectors, the persistent threats, and their impact on digital security.
2023 was a year marked by shocks in the social, political, economic, and climatic spheres, and it will be remembered for a long time. The conflict between Russia and Ukraine, for example, has shown that a war is no longer fought only within a bounded territory and that the risk of becoming the victim of a cyber attack is real.
It is also an opportunity to take stock of the risks and threats that have targeted different sectors of the country, as well as their impact over the past twelve months. A local perspective allows an objective assessment of where the weakest links are, so that the cybersecurity strategy, today and in the future, can focus on protecting organizations’ “crown jewels”.
The most vulnerable sectors
According to data from Minsait’s Cybersecurity Defense Center, there are two main sectors that have been most impacted by threats: government and financial.
In the case of the government sector, 50% of the attacks were directed at centralized and decentralized entities of the Mexican government. One of the most high-profile incidents was the Guacamaya Leaks, which managed to exfiltrate highly confidential information from the National Army’s systems.
The financial sector experienced an equal share of attacks (50%) between 2019 and 2023, affecting not only the organizations in the sector but also their users. Over these four years, entities in the Mexican financial system reported 106 cybersecurity incidents to the National Banking and Securities Commission (CNBV), a figure that authorities and specialists consider likely to be underreported, since not all attacks are disclosed.
The Cyberattack Risk Index in Mexico, in the Financial Stability Report, reveals that the most frequent cyber threats in recent years include the sale of banking card information, malicious code, and data hijacking.
The retail, industrial, and supply chain sectors follow, collectively targeted by 25% of the threats. It is worth noting that the supply chain is on the list for the first time, indicating that small and medium-sized businesses in this niche are less mature from a cybersecurity and technology perspective compared to large organizations.
Constant threats
The Cybersecurity Defense Center team has also conducted a comprehensive analysis to identify the main threats constantly targeting organizations in the country.
- Ransomware. This threat not only continues to grow but also evolves continuously. Contemporary ransomware seeks both to encrypt information and to exfiltrate it in large quantities. For Mexican organizations, this represents a huge challenge, as cybercriminals can obtain their own information and that of their clients, suppliers, and employees, as well as their financial statements, putting their reputation and continuity at serious risk. The Cybersecurity Defense Center reports that 64.3% of suspicious activity was ransomware.
- Advanced Persistent Threats (APT). In 2023, threats of this nature accounted for 17.21% of recorded malicious activities. Unfortunately, many Mexican companies do not yet have the necessary level of maturity to detect them, and even fail to understand the level of risk they represent. APT creators are known for studying the organization’s business in detail, its supply chain, its technological structure, and colluding with insiders to launch an effective APT attack.
- Botnets. Botnets, which remotely take control of critical organization assets, made up 10.5% of the threats, placing them in third place.
Impact and figures
The impact of these threats is far from minimal and demands concrete, more effective actions to combat them. Some industries, such as the financial sector, are more heavily regulated, and their regulatory framework requires strict protection and cybersecurity mechanisms; that framework will take time to reach other sectors, but its absence should not be a precondition for implementing robust protection controls adapted to each sector’s reality.
The Cybersecurity Defense Center has compiled information on the most commonly used attack vectors by cybercriminals to penetrate organizations, and the results are as follows:
- Phishing accounted for 44% of the attack vectors through which Mexican organizations’ assets were compromised, with a success rate close to 100%.
- The exploitation of unknown vulnerabilities was the second most frequently used vector in Mexico, at 24.13%. Major software manufacturers strive to minimize vulnerabilities; however, companies do not update their systems or apply the patches provided, leaving the door open for attackers to carry out their threats.
- 10.34% of cyberattack attempts utilized malicious software in its various forms. Trojans were among the most popular. Unlike two decades ago, this malware does not penetrate a system through a removable medium; today, it does so using downloadable applications, many of them free, which are exploited by criminals to access the organization’s assets through lateral movement.
Lockbit, MarioLocker, Black Hat SEO, and Lazarus are groups dedicated to developing attack campaigns that exploit the aforementioned threats and vectors. These are large groups with global reach and international funding, whose capacity to recruit new technological, human, and business resources within companies grows exponentially.
The Cybersecurity Defense Center has compiled some figures that give a broader perspective of the current threat environment in which Mexican companies operate. Throughout 2023, the following were detected:
- Over 153,000 ransomware campaigns.
- More than 25 botnet campaigns.
- Over 41 APT campaigns.
- 13 phishing campaigns.
- More than 2,621 detected vulnerabilities, of which 50% were high-risk and 15% were critical.
- Microsoft reported 877 vulnerabilities.
- Web browsers such as Chrome, Firefox, and Edge accounted for 423 identified vulnerabilities.
- Linux, Oracle, and Red Hat had 292, 219, and 212 vulnerabilities, respectively.
In a context of accelerated digital transformation, cyber threats do not relent. Collaboration between companies, service providers, and developers is essential to build an effective protection environment. The reality in Mexico reflects the global situation, in which cybersecurity has become imperative. Not lowering one’s guard and adapting to the lessons learned is crucial to safeguarding the integrity of organizations in the current digital landscape.