Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector.
Government organizations in Latin America and the Caribbean are wrestling with a spate of attacks on critical agencies that far outpaces the rest of the world, including hits on a national health agency in Colombia, a potential compromise of Puerto Rico's transportation department, and AI-assisted hackers targeting Mexico's government en masse.
Overall, organizations in Latin America suffered about 3,050 attacks per week in March, compared to a little more than 2,000 per week for the average global organization, according to data from Check Point Software Technologies. Government agencies are targeted even more often, with nearly 4,200 attacks per week, a thousand attacks more than the average across all industries, says Angel Salazar, security engineering manager for the Latin American region at Check Point.
"Government networks usually have constant exposure: public services that must stay online, older systems that are hard to replace, and many users coming and going," he says. "All of this creates a continuous attack surface, not something occasional."
The month of March became a steady parade of breach news for the region. Early in the month, a group of hacktivists compromised at least nine government agencies in Mexico with the help of major AI systems, likely accessing more than 195 million identities and tax records. Colombia's health ministry, the Superintendencia Nacional de Salud (Supersalud), suffered more than 23 million cyberattacks and probes during the month, the agency stated in a March 27 notification, responding to allegations that its systems had been hacked. And last week, Puerto Rico's Department of Transportation halted issuing driver's licenses, following a cyberattack that was ultimately unsuccessful, the agency told media.
Most often the attacks are perpetrated by financially motivated criminals, but nation-state espionage attacks and politically motivated hacktivism have both evolved as risks, says Camilo Gutiérrez, field chief information security officer (CISO) for cybersecurity firm ESET's Argentina Country Office.
"For the daily operation of a government organization in Latin America, the most probable risk is still criminal, but for strategic management, the state-related or hybrid activity is not something small anymore and should not be ignored," he says.
The region has to deal with a mature banking-Trojan ecosystem, as well as information stealers, which have recently dominated, harvesting credentials to fuel initial-access broker services online, he tells Dark Reading.
"The region has a massive exposed credential problem," Hegel says. "Billions of credentials are circulating through Telegram channels and Dark Web markets. Infostealers harvest them, initial-access brokers package and sell the access, and ransomware affiliates buy their way in."
Email remains the main delivery channel for attacks, with about 82% of malicious files arriving in email, compared to a 56% rate globally, according to Check Point's Salazar.
"In practice, attackers usually follow the same familiar paths," he says. "Phishing remains the main way attackers get in, which makes sense since email is still the most common way malicious content is delivered in the region."
Yet, attackers are also taking advantage of exposed services and systems that support public services — and thus are connected to the Internet — because many of them are built on older platforms, he says.
In addition, many Latin American institutions lack skilled cybersecurity workers and the operational capabilities to maintain their IT infrastructure, Gutierrez says, pointing to a World Bank report that indicated a regional gap of about 350,000 cybersecurity professionals.
"This is not just something abstract," he says. "Less specialized people means less hardening, less monitoring, and slower response times."
Check Point's Salazar agrees that the public sector's problem is often "more structural than technical, with older systems, uneven patching, small security teams, and complex supplier relationships all increasing risk."
Organizations should start by securing the most common entry point: email, he says. Next, regularly scanning the external attack surface area can find previously unknown vulnerable assets, helping the organization tighten its security. And since government agencies are custodians of citizen data, they should also prioritize efforts to reduce data exposure and minimize leakage, he says.
"Government agencies in the region must maintain real-time visibility into what is exposed, understand what can truly be exploited, and prioritize remediation of the risks attackers are most likely to target," Salazar says.
Government organizations in Latin America and the Caribbean are wrestling with a spate of attacks on critical agencies that far outpaces the rest of the world, including hits on a national health agency in Colombia, a potential compromise of Puerto Rico's transportation department, and AI-assisted hackers targeting Mexico's government en masse.
Overall, organizations in Latin America suffered about 3,050 attacks per week in March, compared to a little more than 2,000 per week for the average global organization, according to data from Check Point Software Technologies. Government agencies are targeted even more often, with nearly 4,200 attacks per week, a thousand attacks more than the average across all industries, says Angel Salazar, security engineering manager for the Latin American region at Check Point.
"Government networks usually have constant exposure: public services that must stay online, older systems that are hard to replace, and many users coming and going," he says. "All of this creates a continuous attack surface, not something occasional."
The month of March became a steady parade of breach news for the region. Early in the month, a group of hacktivists compromised at least nine government agencies in Mexico with the help of major AI systems, likely accessing more than 195 million identities and tax records. Colombia's health ministry, the Superintendencia Nacional de Salud (Supersalud), suffered more than 23 million cyberattacks and probes during the month, the agency stated in a March 27 notification, responding to allegations that its systems had been hacked. And last week, Puerto Rico's Department of Transportation halted issuing driver's licenses, following a cyberattack that was ultimately unsuccessful, the agency told media.
Most often the attacks are perpetrated by financially motivated criminals, but nation-state espionage attacks and politically motivated hacktivism have both evolved as risks, says Camilo Gutiérrez, field chief information security officer (CISO) for cybersecurity firm ESET's Argentina Country Office.
"For the daily operation of a government organization in Latin America, the most probable risk is still criminal, but for strategic management, the state-related or hybrid activity is not something small anymore and should not be ignored," he says.
Phishing Drives Stolen-Credential Surge
Overall, Latin America has moved from being a secondary target for attackers to becoming one of the more heavily targeted regions globally — and government agencies are consistently near the top of the target list, says Tom Hegel, a distinguished threat researcher at SentinelOne, a cybersecurity platform provider.The region has to deal with a mature banking-Trojan ecosystem, as well as information stealers, which have recently dominated, harvesting credentials to fuel initial-access broker services online, he tells Dark Reading.
"The region has a massive exposed credential problem," Hegel says. "Billions of credentials are circulating through Telegram channels and Dark Web markets. Infostealers harvest them, initial-access brokers package and sell the access, and ransomware affiliates buy their way in."
Email remains the main delivery channel for attacks, with about 82% of malicious files arriving in email, compared to a 56% rate globally, according to Check Point's Salazar.
"In practice, attackers usually follow the same familiar paths," he says. "Phishing remains the main way attackers get in, which makes sense since email is still the most common way malicious content is delivered in the region."
Yet, attackers are also taking advantage of exposed services and systems that support public services — and thus are connected to the Internet — because many of them are built on older platforms, he says.
Attackers Are Mature, Defenders Less So
Many government organizations have to deal with securing legacy technology, which creates difficult patching problems, says ESET's Gutierrez. Cyberattackers scan for unpatched and outdated software, and many local government agencies are making do with older systems that they have trouble keeping up to date, he says.In addition, many Latin American institutions lack skilled cybersecurity workers and the operational capabilities to maintain their IT infrastructure, Gutierrez says, pointing to a World Bank report that indicated a regional gap of about 350,000 cybersecurity professionals.
"This is not just something abstract," he says. "Less specialized people means less hardening, less monitoring, and slower response times."
Check Point's Salazar agrees that the public sector's problem is often "more structural than technical, with older systems, uneven patching, small security teams, and complex supplier relationships all increasing risk."
Organizations should start by securing the most common entry point: email, he says. Next, regularly scanning the external attack surface area can find previously unknown vulnerable assets, helping the organization tighten its security. And since government agencies are custodians of citizen data, they should also prioritize efforts to reduce data exposure and minimize leakage, he says.
"Government agencies in the region must maintain real-time visibility into what is exposed, understand what can truly be exploited, and prioritize remediation of the risks attackers are most likely to target," Salazar says.