Cyberattacks Intensify Pressure on Latin American Governments

CYBER RISK CYBERSECURITY OPERATIONS THREAT INTELLIGENCE VULNERABILITIES & THREATS NEWS Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific Cyberattacks Intensify Pressure on Latin American Governments Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector. Robert Lemos,Contributing Writer April 1, 2026 4 Min Read SOURCE: HTGANZO VIA SHUTTERSTOCK Government organizations in Latin America and the Caribbean are wrestling with a spate of attacks on critical agencies that far outpaces the rest of the world, including hits on a national health agency in Colombia, a potential compromise of Puerto Rico's transportation department, and AI-assisted hackers targeting Mexico's government en masse. Overall, organizations in Latin America suffered about 3,050 attacks per week in March, compared to a little more than 2,000 per week for the average global organization, according to data from Check Point Software Technologies. Government agencies are targeted even more often, with nearly 4,200 attacks per week, a thousand attacks more than the average across all industries, says Angel Salazar, security engineering manager for the Latin American region at Check Point. "Government networks usually have constant exposure: public services that must stay online, older systems that are hard to replace, and many users coming and going," he says. "All of this creates a continuous attack surface, not something occasional." Related:Middle East Conflict Highlights Cloud Resilience Gaps The month of March became a steady parade of breach news for the region. Early in the month, a group of hacktivists compromised at least nine government agencies in Mexico with the help of major AI systems, likely accessing more than 195 million identities and tax records. Colombia's health ministry, the Superintendencia Nacional de Salud (Supersalud), suffered more than 23 million cyberattacks and probes during the month, the agency stated in a March 27 notification, responding to allegations that its systems had been hacked. And last week, Puerto Rico's Department of Transportation halted issuing driver's licenses, following a cyberattack that was ultimately unsuccessful, the agency told media. Most often the attacks are perpetrated by financially motivated criminals, but nation-state espionage attacks and politically motivated hacktivism have both evolved as risks, says Camilo Gutiérrez, field chief information security officer (CISO) for cybersecurity firm ESET's Argentina Country Office. "For the daily operation of a government organization in Latin America, the most probable risk is still criminal, but for strategic management, the state-related or hybrid activity is not something small anymore and should not be ignored," he says. Phishing Drives Stolen-Credential Surge Overall, Latin America has moved from being a secondary target for attackers to becoming one of the more heavily targeted regions globally — and government agencies are consistently near the top of the target list, says Tom Hegel, a distinguished threat researcher at SentinelOne, a cybersecurity platform provider. Related:Abu Dhabi Finance Week Exposed VIP Passport Details The region has to deal with a mature banking-Trojan ecosystem, as well as information stealers, which have recently dominated, harvesting credentials to fuel initial-access broker services online, he tells Dark Reading. "The region has a massive exposed credential problem," Hegel says. "Billions of credentials are circulating through Telegram channels and Dark Web markets. Infostealers harvest them, initial-access brokers package and sell the access, and ransomware affiliates buy their way in." Email remains the main delivery channel for attacks, with about 82% of malicious files arriving in email, compared to a 56% rate globally, according to Check Point's Salazar. "In practice, attackers usually follow the same familiar paths," he says. "Phishing remains the main way attackers get in, which makes sense since email is still the most common way malicious content is delivered in the region." Yet, attackers are also taking advantage of exposed services and systems that support public services — and thus are connected to the Internet — because many of them are built on older platforms, he says. Related:Surging Cyberattacks Boost Latin America to Riskiest Region Attackers Are Mature, Defenders Less So Many government organizations have to deal with securing legacy technology, which creates difficult patching problems, says ESET's Gutierrez. Cyberattackers scan for unpatched and outdated software, and many local government agencies are making do with older systems that they have trouble keeping up to date, he says. In addition, many Latin American institutions lack skilled cybersecurity workers and the operational capabilities to maintain their IT infrastructure, Gutierrez says, pointing to a World Bank report that indicated a regional gap of about 350,000 cybersecurity professionals. "This is not just something abstract," he says. "Less specialized people means less hardening, less monitoring, and slower response times." Check Point's Salazar agrees that the public sector's problem is often "more structural than technical, with older systems, uneven patching, small security teams, and complex supplier relationships all increasing risk." Organizations should start by securing the most common entry point: email, he says. Next, regularly scanning the external attack surface area can find previously unknown vulnerable assets, helping the organization tighten its security. And since government agencies are custodians of citizen data, they should also prioritize efforts to reduce data exposure and minimize leakage, he says. "Government agencies in the region must maintain real-time visibility into what is exposed, understand what can truly be exploited, and prioritize remediation of the risks attackers are most likely to target," Salazar says. Read more about: DR Global Latin America About the Author Robert Lemos Contributing Writer Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBER RISK How Can CISOs Respond to Ransomware Getting More Violent? by James Doggett JAN 28, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Zambia's Updated Cyber Laws Prompt Surveillance Warnings by Robert Lemos, Contributing Writer APR 23, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans byTara Seals MAR 12, 2026 THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE