LatAm Now Faces 2x More Cyberattacks Than US - Dark Reading

TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources THREAT INTELLIGENCE CYBERSECURITY OPERATIONS CYBER RISK CYBERSECURITY ANALYTICS NEWS Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific LatAm Now Faces 2x More Cyberattacks Than US Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage. Nate Nelson,Contributing Writer March 5, 2026 4 Min Read SOURCE: ADINA TOVY/ART DIRECTORS VIA ALAMY STOCK PHOTO Nowhere in the world has cyber threat activity been growing faster than in Latin America, thanks in part to relatively rapid digital adoption on the part of businesses in the region, combined with relatively stagnant cybersecurity growth.  Last year, researchers at Check Point tracked a 53% year-over-year rise in weekly cyberattacks in Latin America, and as of 2026, they confirmed it to be the most heavily targeted region on the planet. In an updated, unpublished March 2026 threat report shared with Dark Reading, Check Point found that Latin American organizations currently face an average of around 3,100 cyber threats per week. By comparison, in recent months, their counterparts in the United States have averaged just under 1,500. The difference isn't only in volume, either. In some respects, the nature of cyberattacks in each region differ significantly, right down to the smallest details: where they come from, what form they come in, etc. Related:Iran Hacktivists Make Noise but Have Little Impact on War North & Central/South American Cyberattacks Diverge Certain categories of cyberattack are just more common in Latin America, be they ransomware hits (accounting for 5.4% of attacks last month vs. 3.1% in the US) or those involving infostealers (5.3% vs. 2.1%), banking malware (2.8% vs. 0.8%) or botnets (13.1% vs. 7.2%). In contrast, certain file types, like Microsoft Excel spreadsheets (XLS, XLAM) show up more often in enterprise-focused US attacks, but hardly register down south. Most notable amongst all of Check Point's recent data, though, is a disparity in how attacks are first initiated. A stunning 95% of malicious files in the US last month were delivered via the Web — compromised websites, drive-by downloads, malvertising, etc. By contrast, that number was just 26% in Latin America, with email making up the other 74%. "Phishing campaigns continue to be extremely effective in the [Latin America] region, particularly those impersonating financial institutions, payment notifications, invoices, travel confirmations, or government communications," says Julio Lemus, security engineer and office of the chief technology officer (CTO) at Check Point. "This could be due to a lack of cyber awareness by average businesses and consumers." Threat actors also take interest in different sectors, depending on whether they're attacking countries in North or South America. For instance, healthcare was the ninth most victimized US sector in Check Point's data last month. For multiple months in a row it has topped the Latin American list, and in February it was targeted around 28% more than the next most targeted sector (education). The financial services industry, which didn't make Check Point's Top 10 in the US, ranked as the sixth most targeted in Latin America. Related:EU Sanctions Companies in China, Iran for Cyberattacks Why Hackers Pick on Latin America In its 2025 Cybersecurity Report, the Organization of American States (OAS) and Inter-American Development Bank (IDB) assessed the overall cybersecurity maturity of countries across Latin America and the Caribbean. They used the OAS and Oxford University's Cybersecurity Capacity Maturity Model for Nations (CMM), which, though rather complex, can vaguely score countries on a scale from 0 to 5, with five representing world-leading cybersecurity maturity, and zero representing total immaturity. The results of the analysis were unimpressive. "The security level of maturity for most of the countries were scored between 2 and 3," recalls Carlos Borges, senior intel analyst with Intel471. Borges, who's from Brazil, thinks, "We do have many big companies, particularly in the financial industry, that have good resources to protect themselves. But if you look at how it is in general, most companies of medium-size and low-size are still fragile, and of course they are susceptible to more opportunistic actors." Related:SideWinder Espionage Campaign Expands Across Southeast Asia Even some of those larger organizations underwhelm, though. Borges points to the high-profile supply chain incident at Brazilian fintech provider C&M Software last July as a case in point. "They had an insider that worked with a cybercrime group. [They] stole funds from the customers of this company, and it reached hundreds of millions of dollars from the core financial system in Brazil, operated by the Brazilian Central Bank. Two months later, the same company was also breached by the Dragonforce ransomware group. That speaks a little to how even those companies that are particularly involved with more resourceful industries are still susceptible." Check Point's Lemus also attributes the disparity between Latin America and the rest of the world to differing maturity levels, but also cites a variety of other economic and technological factors. For example, he says, "many organizations in the region operate with mixed IT environments and uneven security investments, which creates opportunities for attackers looking for easier entry points." Another factor, he adds, "is that cybercriminal groups increasingly view Latin America as a high-return region for fraud and extortion, where attacks can still succeed with relatively simple techniques such as phishing or credential theft. As a result, attackers often scale campaigns across multiple organizations simultaneously, which contributes to the higher weekly attack averages." Read more about: DR Global Latin America About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports AI SOC for MDR: The Structural Evolution of Managed Detection and Response Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Gartner IGA Voice of the Customer 2026 Cybersecurity Forecast 2026 Access More Research Webinars Identity Maturity Under Pressure: 2026 Findings and How to Catch Up Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN More Webinars You May Also Like THREAT INTELLIGENCE Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi MAR 06, 2026 THREAT INTELLIGENCE CISA: Pro-Russia Hacktivists Target US Critical Infrastructure by Elizabeth Montalbano, Contributing Writer DEC 10, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 THREAT INTELLIGENCE Trump Targets Krebs, Revokes SentinelOne Security Clearance by Kristina Beek, Associate Editor, Dark Reading APR 10, 2025 Editor's Choice CYBERSECURITY OPERATIONS RSAC 2026: AI Dominates, But Community Remains Key to Security byKristina Beek,Rob Wright APR 2, 2026 CYBERATTACKS & DATA BREACHES Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate byNate Nelson APR 2, 2026 3 MIN READ ENDPOINT SECURITY CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry byJeffrey Schwartz APR 3, 2026 3 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Identity Maturity Under Pressure: 2026 Findings and How to Catch Up WED, MAY 6,2026 AT 1PM EST Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST More Webinars White Papers How Sunrun Transformed Security Operations with AiStrike Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity Explore More White Papers BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us NEWSLETTER SIGN-UP Follow Us Copyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466. Home| Cookie Policy| Privacy| Terms of Use Your Privacy Choices