QCOSTARICA – The pandemic accelerated the adoption of technology, digitization, as well as the automation of processes and tasks within the different business, industrial, and service sectors.
As the new formality advances in the region and the activities that used to be carried out prior to confinement are resumed, alerts are generated by cyber criminals as they have changed course again, focusing on tools and those victims that maximize their efforts and profits.
Costa Rica experienced more than 2.5 billion attempted cyberattacks in 2021, according to Fortinet data and according to the latest threat intelligence report from Check Point, a partner of Secure Solutions, the Costa Rican government receives about 1,580 weekly cyberattacks on average.
In addition, the 2021 Fortinet report reveals that the countries of Latin America and the Caribbean are on a par with other regions and have been the target of nearly 10% of all cyberattack attempts that have occurred in the world in the last year. It is estimated that last year there were 289,000 million cyber threats that affected Latin America, which means that each of the 667 million inhabitants has been subjected to an average of 433 attacks a year (more than one a day).
“We see an increase that occurs through different types of threats such as phishing, malware and mainly the objective is ransomware or information hijacking. These cyberattackers take advantage of the vulnerabilities of the systems and on many occasions we think that this only affects data centers or information bases, however, any system or equipment connected to an internet connection network or cloud can be a gate to being a victim of this type of crime,” commented Mario Marchena, sales engineer for end-user solutions at Secure Power for Schneider Electric Central America.
Cybercrime is constantly evolving, attackers are always aware of the latest trends and technologies to hook the largest number of victims with attacks that often involve various actions that seek to make at least one successful. In addition, attacks have gone from being basic and massive to more complex and selective, which suggests that cyber criminals are refining their tactics and procedures to avoid hitting the air and be more efficient with their objective.
“In the last two years, companies from all sectors have migrated much of their processes, equipment, machinery and maintenance controls to intelligent systems connected to the Internet of things, to cloud networks, interconnecting and digitizing. However, when making this migration, it must be taken into account that solid security parameters and systems must be in place to prevent an attacker from taking advantage of these multi-channel or multi-port platforms,” said Marchena.
Sectors at risk
In 2021, attacks on systems in the health sector increased by up to 47%, and between 2020 and 2021, there were at least 168 ransomware attacks that affected 1,763 clinics, hospitals and health care organizations in the United States, according to data from Emsisoft. Furthermore, a Trend Micro report indicates that 6 out of 10 manufacturers have experienced cyberattacks on their smart factories and 75% of them have experienced system outages as a result.
Recently in Costa Rica, the Conti criminal group attacked 30 Costa Rican institutions, amongh them the Ministerio de Hacienda (Ministry of Finance), the Ministry of Labor, the Ministry of Science, Technology and Telecommunications (Micitt), the Caja Costarricense de Seguro Social (CCSS) and the national weather service, the Instituto Meteorológico Nacional (IMN) and have come to request US$20 million dollars as a ransom.
Read more: Hacking of the CCSS: Hospitals can’t turn on computers
The Micitt detected more than four million cyberattacks against public entities in a period of 24 hours.
Another example of this type of attack was a crime committed in 2020 against the University of Vermont Medical Center (UVM) when an employee accidentally opened a file sent by email from her homeowners association, which had been hacked, that This mistake ended up causing UVM Health Network, which includes the state’s largest hospital in Burlington, to cancel surgeries, postpone mammogram appointments and delay treatment for some cancer patients, as well as disconnect all of its equipment from the Internet and use paper for everything for 28 days. The cyberattack cost the Vermont hospital system some US$54 million, including rebuilding the computer network and lost revenue, according to authorities.
In May 2021, the US government declared a regional state of emergency following a cyberattack on the country’s largest oil pipeline network, which left it inactive since Friday night. A group of hackers completely disconnected and stole more than 100 GB of information from the Colonial Pipeline, which transports more than 2.5 million barrels per day, 45% of the supply of diesel, gasoline and fuel consumed by airliners. East Coast. The company paid a $4.4 million ransom to get its operation back on track.
“It is important to keep in mind that the systems of, for example, a bank, are not the same as those of a hospital, in which the monitoring of equipment becomes lighter and becomes an opportunity because the attacker will not go after the equipment but the software that controls it, by having access to a shared network you can enter through that software and reach databases or sensitive information as well as control the operation of the equipment and even interrupt its operations” commented the sales engineer of Secure Power end-user solutions for Schneider Electric Central America
For this, Schneider Electric, the leader in digital transformation of energy management and automation and recognized as the most sustainable company in the world by the Global 100 index of Corporate Knights of 2021, has several solutions through EcoStruxure that offer a end-to-end protection by monitoring and protecting the equipment and systems connected to it regardless of their software.
