Cytegic DyTA intelligence platform gathers, processes and analyses hundreds of thousands of intelligence feeds on a month basis, to allow a quick and understandable cyber-trend analysis. DyTA enables cyber-intelligence analysts and CISOs to understand and analyze the threat level of each attacker and attack method relevant to their organization, according to their geopolitical region, industry sector and corporate assets. The following report represents the most interesting and active cyber-trends that DyTA analyzed before and during the Copa America 2015 in Chile. As a background we analyzed the main trends that occurred during the 2014 World Cup which took place in Brazil during June to July 2014.
Interesting trends that rose from our analysis: – In South and Central America, prior to the Copa America, there is a rise in the activity level of financial hackers (as compared to the previous months), and according to DyTA’s forecast, this trend is likely to continue in the coming weeks. – The main attack methods used by hackers in South and Central America were Denial of Service, Malware and Terminal Malware (which includes POS and ATM attacks), similarly to the period surrounding the 2014 World Cup in Brazil. – Chile, the hostess of the Copa America, is the fourth in cyber activity in South America, and had a rise in cyber activity a month before the beginning of the tournament. – Mexico, as a participant in the Copa America, had the largest quantity of cyber-attacks prior to the tournament. – The most targeted assets on the attackers’ scope, both in Central and South America, as we saw in the World Cup, are Payment Cards, and Financial Transactions. – Government was the most targeted sector, followed by banking and finance and retail prior to Copa America, similarly to the period surrounding the 2014 World Cup.
- South America Threat Landscape
When comparing the two tournaments, in the same timeframe, it is notable that there is more activeness of hackers in general before and in the start of the Copa America, particularly financial hackers (62.2% of all the attacks), just like in the World Cup tournament a year before. According to DyTA’s forecast, it appears that financial hackers are likely to continue being the most active attackers in the coming weeks.
When looking from the perspective of TTPs, it is clear to see that the main methods used were Denial of Service (41.7%) and Malware (22.7%). It is noticeable that there is a rise during the start of the Copa America, similarly to the World Cup. In addition, we can see that similar to the World Cup, in the Copa America, Terminal Malware, which includes POS and ATM attacks, experienced a significant rise. On the other hand, unlike the World Cup, the Copa America shows a low percentage of Phishing attacks.
Another interesting trend showed that the host of the tournament – Chile, is the fourth in cyber activity in South America, and had a rise in cyber activity a month before the beginning of the tournament, in comparison to the last six months (beginning of 2015).
- Central America Threat Landscape
It is interesting to see that Central America is also affected by the tournament. The most active attacker is the financial hacker, the same as in South America. Again, according to the forecast, its activity level will continue to rise in the near future.
In addition, when looking from the perspective of TTPs it is clear that the main methods are Malware, Terminal Malware attacks (ATM and POS) and DDos, just like in South America and during the World Cup.
An important fact, is that Mexico as a participant and not hostess seems to have the largest quantity of attacks before and during the Copa America, and also a rise before the beginning in comparison to the last six months (beginning of 2015).
- Most Targeted Assets
The most targeted assets on the attackers’ scope both in Central and South America, as we saw in the World Cup, are Payment Cards, Personal Identifiable Information (Client Data) and “straight-forward” financial assets such as Monetary Value (bank accounts, Bitcoin, among others) and Financial Transactions.
- Threat Level by Industry
As mentioned above, in the World Cup many of the attacks were done by Hacktivists who targeted government sites. We can see both in Central and South America that in the Copa America the situation is the same. Government was the most targeted sector, followed by banking and finance and retail. This coincides with our assessments regarding the effect large sporting events have on the government and the financial sector of the hosting nation.