Advanced persistent attacks (APTs) will become more common across banking institutions in Latin America and will be the entry way of cybercriminals to these organisations, according to security firm Kaspersky Lab. "APTs were used as a means of corporate and government espionage, but attacks such as Carbanak (an APT-style campaign targeting - but not limited to - financial institutions ) proves that APTs with the final objective of financial gains will become a lot more common in Latin America," Fabio Assolini, senior researcher at Kaspersky.
The recent attack to the Swift network in Ecuador also demonstrates that Latin banks are under constant threat and there is a risk that such threats will spread across the region. "It is quite possible that criminals have chosen a smaller country and financial network as a kind of trial," Kaspersky's Assolini says. "Countries like Brazil are a lot more advanced in terms of banking technology and security, as well as an early adopter of security innovations. But that does not mean that larger countries are safe at all."
ATMs running outdated software and equipment is another main threat that leaves Latin American banking customers exposed. "Many machines run software that is no longer supported and lack any security patches, so they become an obvious target to criminals," says Kaspersky's Assolini, adding that his firm has identified many banks running systems such the XP and 2000 versions of Windows, as well as exposed routers, which can open up access to the bank's network.
Jackpotting - malware attacks that enable crooks to drain ATMs within minutes - is already common elsewhere in the world but Kaspersky predicts the practice will become common very quickly in Latin America as criminals gain access to banks' networks through their own employees and outsourcing service providers.
Another popular practice in the cybercrime world, card skimming - a method used by criminals to capture data from the magnetic stripe on the back of an ATM card - will also become the new normal in Latin America, according to Kaspersky. One increasingly common skimming method that is often seen in Brazil is the so-called "Chupacabra malware," whereby criminals can "suck" credit card data of unsuspecting users.