Successive Cyberattacks In Colombia Expose Country’s Vulnerability

As attacks on a number of companies in the country reveal the vulnerability of its systems and users’ exposure, Bloomberg Línea talks to experts to find out what needs to be done

Photographer: Chris Ratcliffe/Bloomberg
January 25, 2023 | 10:33 PM

Bogotá — A number of companies in Colombia have suffered cyber-attacks in recent months, affecting their operations and also exposing the vulnerability of the South American country to such incidents.

Among the companies that have suffered attacks are EPS Sanitas and Audifarma, which have been victims of the installation of malware.

According to the cybersecurity company Lumu Technologies, among the most common types of malware are so-called crypters, which encrypt asset information; infostealers, which steal information to sell it on the dark web; cryptominers, which use the computers of hacked companies to mine cryptocurrencies, and ‘wipers’, which erase, destroy or make key information unavailable.

“Cybercriminals are increasingly looking to create disruption in access to essential services to society. Recent attacks show that any type of organization regardless of its size, whether public or private, is exposed to being a victim of a cyberattack,” German Patiño, a specialist at Lumu Technologies, told Bloomberg Línea.

Among the possible reasons for this wave of cyberattacks on Colombian companies is that hackers are seeking countries that are less prepared in cybersecurity.

Patiño said that countries must be able to detect ransomware and respond to the actions of criminals.

“Readiness is everything in cybersecurity,” he said.

When organizations understand that attacks on their technology can result in higher costs than preventive actions, they will strive to minimize their exposure to risk. They must remember that a cyberattack can not only result in monetary losses, but also affect their operations and reputation.

Felipe Gómez, Latin America manager at Fluid Attacks

Regarding the most recent cases, the Keralty group (owner of EPS Sanitas) acknowledged that the attacks it suffered affected its computer servers and that the confidentiality of some people’s data had been affected.

Audifarma reported that it had had to disable its physical and virtual servers after suffering a cyberattack in order to shield the organization’s information and that of its users.

Public entities have also suffered attacks: the computer systems of the National Institute for the Surveillance of Medicines and Food (Invima) were breached last October and some files were encrypted.

In November 2021, Colombia’s statistics agency DANE suffered a cyberattack that left its website inoperative for at least six days.

BlackCat, a threat in Colombia

Computer security specialists have highlighted the technological sophistication of the attacks and the fact that many of them use ransomware of the BlackCat or ALPHV family, which has the ability to “execute more complete payloads, enable more sophisticated evasion techniques to avoid detection by common security devices, and infect multiple devices and operating systems”, according to Lumu Technologies.

As of the end of December, Colombia had recorded a 133% increase in the number of institutions affected by ransomware versus the same period in 2021.

One of the biggest challenges for the country remains that, despite the fact that cases are more recurrent and aggressive, many companies choose not to report them to avoid reputational consequences.

However, records of cybersecurity companies in Colombia shared with Bloomberg Línea show that in the last year companies in sectors as diverse as telecommunications, technology, health and education, among others, have been affected.

[Chart: Cyberattacks in Colombia]

Fernando Castro, a specialist at the cybersecurity firm Nozomi Networks, told Bloomberg Línea that the vulnerabilities present in the healthcare sector’s systems have facilitated the theft of information from medical devices, affecting operations in the granting of appointments, procedures and even the distribution of medications.

“The complexity of the situation is that malicious agents can gain access to medical systems used in the aggregation of device data for analysis and monitoring on a larger scale,” Castro said. “This manipulation could result in breakdowns, misinterpretation or even overdoses in the automatic delivery of medication if adequate measures are not taken to protect the entire medical infrastructure,” he warned.

He also explained that while attacks are targeted at the enterprise IT network, malicious actors can move laterally to the OT environment and disrupt the delivery of basic and essential services to people, as seen in recent cases of cyberattacks.

This is why he believes that, in order to have a much more effective preventive control, it is necessary to make the entire critical infrastructure visible, immediately identify any anomalies in OT and IoT environments and take the necessary actions to protect their most critical assets.

Colombia’s cybersecurity still insufficient

Although cybersecurity has become more important within public discussion and is no longer seen as a futile expense, there are still many challenges for companies to integrate these solutions into their operations and, above all, to develop specialized units to address these issues.

The pandemic triggered an increase in investment in this area in Colombia; according to figures from Boston Consulting Group, by 2020 it totaled $303 million, rising to $329 million in 2021.

According to the consultancy firm’s projections, spending on cybersecurity in Latin American companies could show an annual growth rate of 8% until 2024, to $8 billion, as this area becomes more of a priority.

Cyberattacks have become increasingly common because of the benefits that attackers find in executing information theft, and hijacking company services and infrastructure, as they see that they can gain large economic rewards and even access to more complex and even more profitable systems.

Fernando Castro of Nozomi Networks

The Latin America manager of cybersecurity firm Fluid Attacks, Felipe Gómez, told Bloomberg Línea that the growth in the number of cyberattacks in Colombia is related to a global increase, and is not an independent phenomenon.

“Colombia, as well as the rest of the countries in the world, is vulnerable to attacks because still only some industries are regulated to perform security tests on their technology and comply with certain international standards,” Gómez said. “Errors in technology will continue to exist, whether they are a product of its development or configuration. What companies must understand is that they must allocate human and monetary resources to keep their technological products secure and protect the information and assets of their clients or users.”

Fluid Attacks shared some attack prevention recommendations for companies:

  • Add cybersecurity as a key theme for the board of directors: cybersecurity is an issue that should be addressed at the organizational level, not just from within the company’s IT sector.
  • Carry out continuous security testing of technology and remediate vulnerabilities: Organizations should continuously test the security of technology from the earliest stages of its development and before offering it to users.
  • Measure risk with mathematical models: Organizations should know their level of exposure to cyberattacks by using quantitative models that indicate the probability of losing specific amounts of money.
  • Educate users: Many attacks can be prevented when users become accustomed to using complex passwords and changing them frequently, activate a multi-factor authentication option, learn to identify scams and dangerous emails, and update their operating system and other software.
  • Develop an incident response plan: Organizations should be aware that there is a high and constant probability of cyberattacks, so they should form a response team and describe all the actions they will take to identify the causes of the attack, contain the effects, and communicate with users.