Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and South America before targeting richer countries that have more sophisticated security methods.
Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.
“Adversaries are using developing countries as a platform where they can test their malicious programs before the more resourceful countries are targeted,” the company told Banking Risk and Regulation, a service from FT Specialist.
Recent ransomware targets include a Senegalese bank, a financial services company in Chile, a tax firm in Colombia, and a government economic agency in Argentina, which were hit as part of gangs’ dry runs in developing countries, the data showed.
The research comes as cyber attacks have almost doubled since before the COVID-19 pandemic, exacerbated in the developing world by rapid digitization, good Internet networks, and “inadequate” protection, the IMF said this month.
Reported losses from cyber incidents to businesses worldwide since 2020 had climbed to almost $28 billion, with billions of records stolen or compromised, the IMF said, adding that total costs were likely to be “substantially higher.”
The “staging ground” tactic worked because businesses in those countries had “less of an awareness of cyber security,” said Nadir Izrael, chief technology officer at cyber security group Armis.
“Let’s say you’re going to attack banks,” Izrael said. “You would try out a new weaponized package in a country like Senegal or Brazil, where there are enough banks that might be similar, or international arms of companies that are similar to what you would want to try and attack.”
Medusa, a cyber gang that “turns files into stone” by stealing and encrypting companies’ data, began to attack businesses in 2023 in South Africa, Senegal, and Tonga, the Performanta report said. Medusa was responsible for 99 breaches in the US, UK, Canada, Italy, and France last year.