YOU ARE DOWNLOADING DOCUMENT

Please tick the box to continue:

Transcript
Page 1: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

Mexico: Cyber Threat Landscape

PRODUCED AUGUST 29, 2018

LOOKINGGLASS CYBER SOLUTIONS

THREAT ANALYSIS AND INVESTIGATIONS UNIT

Page 2: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

1

Overall Report Distribution is TLP: GREEN Overall Source/Information Reliability: B1

ExecutiveSummaryLatin America is vulnerable to hostile cyber activity, especially as the region developseconomicallyandtechnologically.Astheregion’seconomiesbecomemoretechnicallyadept,cybersecuritypracticesarecurrentlyfailingtokeepupwithadvancementsindigitization.Cybercrime,cyberespionage,andhacktivismhaveall targetedLatinAmerica. Mexico inparticular isoneof the fastest growingeconomies in theworld, leveraging technology topropelbusinessforward.Mexicoisonpacetobeamongthetopteneconomiesintheworldby2050,whichislargelytheresultofincreasedInternetaccessandimplementationofe-commerce.iAssuch,Mexicohasbeenattractingtheattentionofenterprisinghostilecyberactorsseekingtoexploitcommercialorganizationsforfinancialreward. WhilepromisinginitiativesliketheestablishmentofanationalcybersecuritystrategyandlegalframeworksdemonstrateMexico’sawarenessoftheimportanceofcybersecurity,theyareatanascentstage; it remains to be seen how they will be implemented, socialized, and enforced.LookingGlass analysts expect Mexico to continue to be a prime target in the region,particularlyasitscybersecurityeffortsareintheunenviablepositionofplayingcatch-uptoitseconomicdevelopment.

KeyPoints

• Mexico is one of the leading emerging economies in the region and, as such, willcontinue togarner the attention of hostile actors to exploit vulnerable in-countryorganizations. Banks and financial institutions have been the primary targets ofhostileactors.

• Cybercrimeistheprimarythreat,whichshouldcontinuefortheforeseeablefuture.

State-drivencyberespionagehasbeenobservedtargetingMexicaninterests. Suchactivity largely depends on the intent of actors seeking to ascertain the Mexicangovernment’s position on geopolitical issues and will ebb and flow accordingly.Hacktivism is a viable means of social protest that has historically targetedgovernmententitiesandwilllikelycontinueinthefuture.

• Unfortunately, there is limited information kept by government organizations to

providemorefidelityonhostilecyberactivitystatistics.Thatsaid,currentMexicanlawdoesnotmandatethatorganizationsreportbreaches,makingthosestatistics--eveniftheywereavailable--unreliable.

Page 3: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

2

LatinAmericaAsaregion,LatinAmericaisfacinganincreasingamountofcyberattacks.Aprimaryreasonforthisisitsgrowingpopulation,whichisincreasinglyconnectedtotheInternet,aswellasthe developing digitization of its regional economies. The four largest economies –Argentina, Brazil, Colombia, and Mexico – are most at-risk, along with some smallereconomiesthatexcelintechnologicalinnovation,suchasPeru.ii Furthercomplicatingthesituation,LatinAmerica/theCaribbeanisthe4thlargestmobilecommunicationsmarketintheworld;itisestimatedtherewillbemorethan600millionconnectedsmartphonesinthisregionaloneby2020.iiiMobilepenetrationhasgrownrapidlyoverthelastthreeyears,with41percentoftransactionsinthenetworknoworiginatingfromamobiledevice,upfromjust12 percent in the same quarter three years ago.iv Cyber attacks againstmobile devicescontinuetobeontheupswing,anditfollowsthatsuchactivitieswouldtargetLatinAmericanmobilecustomersaswell.In 2016, the Inter-AmericanDevelopmentBank (IDB) and theOrganization of AmericanStates (OAS) sponsored a report on the status of cyber security in Latin America. Thefindings indicated that the regionwasveryvulnerable to cyber attacks,with four in fivestates not having viable cyber security strategies or plans for protecting criticalinfrastructure inplace.vTwointhree lackedanysortofcommandandcontrolcenter forcybersecurity crises. Enforcement of laws against cyber attacks was almost universallyweak.viOverall,theentireregionisbeingexploitedbyhostileattackers,largelyduetothefollowingreasons(accordingtotheIEEE):

• Therearefewcoordinateddefensemechanisms.ManyLatinAmericancountriesarebeginningtodevelopCyberEmergencyResponseTeams(CERTs)andComputerSecurityIncidentResponseTeams(CSIRTs)tohandleattacks.

• Publicawarenessislacking.ManyLatinAmericancountrieshavenotyetpublicizedthedangersoftheInternet.Privateindustriesalsofrequentlybelievethattheyarenottargets,sotheyhavenotmadepreventativeprogramsahighpriority.

• Thereisadisconnectbetweenpublicandprivateindustries.Stakeholdershaveyet todevelopenoughtrust tocollaborate,andmostLatinAmericancountriesarelackingreputableclearinghousesorbrokersofauthoritativeinformationtoallowtheestablishmentofformalinformation-sharingmechanisms.vii

Asaregion,theannualcostofcybercrimeinLatinAmerica–toincludeCaribbeannations–hasgrowntoUSD90billionayear,accordingtoa2016reportbytheIDB.viiiOverall,theIDBfoundthattheregionwasincreasinglysusceptibletoseverecyberincidents;thisispartlyattributedtothefactthatmanycomputersecuritycompanieshavenottraditionallyviewed

Page 4: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

3

LatinAmericaasaprimemarketfortheirproductsandservices. Inordertocombatthisperception and ameliorate the situation, in April 2017, the OAS passed a resolution toincrease cooperation and stability in cyberspace, raising cyber security awareness andfosteringinformation-sharingamongsttheregionalgovernments.ixOtherchallengesexist,makingcybersecurityanongoinguphillbattle--toincludealackofqualifiedindividualsandadearthofcyberinsuranceofferingsintheregion.x

MexicoMexico is the15th largesteconomyintheworld.xi In theLatinAmericanregion,Mexico’sgrossdomesticproductissecondonlytoBrazil’s.xiiSuchapotenteconomicstandingisanattractivetarget forenterprisingcriminals. Accordingtoa thinktank’sreporting,Mexicoenjoys considerable Foreign Direct Investment, registering an 11 percent increase from2014-2015, or USD 28 billion in 2015.xiii Such investment and the presence of foreigncompaniesinMexicorepresentbothapositiveeconomicprogressionandthepotentialfortargetingbyhostile cyberactors. According toat leastone source,Mexico ranks secondbehind Brazil for being victimized by the most cyber attacks, with banking, retail, andtelecommunicationsbeingthemosttargetedsectors.xivFigure1showstheTop20countriesfacingthehighestthreatlevelsin2015.

Figure1.Top20CountriesFacingtheHighestThreatLevelsin2015

(source:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdf)

Page 5: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

4

This is a concern given that Mexican cyber security efforts appear to remain nascent.Accordingtoareportfromaninternationalconsultingfirm,asofmid-2016,Mexicowasstillinanimmaturestateofcybersecurityduetoalackofinvestmentincybercrimeprotection.Intheprevious12months,Mexicohadjustoverthreemillionsecurityincidents,witharound87percentofcompaniesexperiencingsomeformofprivacybreach.Thiswas13percenthigherthantheglobaltrendatthetime.Onaworldwidescale,theaveragecostofasinglecybercrimeincidentwas$2,386,719,comparedto$1,581,641inMexico.xvAccordingtoa thinktankreportonthecybersecurity landscape inMexico, theScientificDivisionoftheFederalPolicestatedthattherewasa300percentincreaseincyberincidentsfrom 2013 (30,000 incidents reported) to 2016 (60,000); computer virus deploymentincreased57percentbetween2015and2016.xviThesamethinktankreportrevealedthatthemajority of cyber fraud occurred via Internet transactions through e-commerce andmobilebanking.

CyberThreatActorLandscapeThecyberthreatlandscapeconsistsofdiversehostileactorswithvariousintent,capabilities,and motivations for launching operations. States, cyber criminals, and activists are theprimaryactorsthatarelaunchingattacksagainstentitiesinMexico,asshowninFigure2below.

Figure2.PercentageofActorsBehindCyberActivityin2015

(source:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdf)

Page 6: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

5

StateActorsNation states are largely considered the most sophisticated actor set; they have thecapabilitiestoexploitnetworksfordatatheftormanipulationortolaunchattackstodisrupt,deny,degrade,ordestroyinformationsystemsortheinformationresidentonthem.Stateactorsaregenerallybehindcyberespionageactivities,althoughindustrialcyberespionage(whereacompanytargetsanothercompany)alsooccurs.Stateactorsand/orstate-directedactorstargetpublicandprivatesectorentitiesforavarietyofreasons,suchasthetheftofintellectualproperty,researchanddevelopment,merger&acquisitiondata,tradesecrets,andbusinessstrategies.However,asdetailedinthebulletpointsbelow,stateactorshavealso been observed conducting cyber attacks to simply stealmoney, illustrating how themotivesofhostilecyberactorsareblurring.

• North Korea. Suspected North Korean hackers attempted to steal money fromMexicanbanksin2016.Thehackersendedupdeployingdestructivemalwareafterthey had unsuccessfully exploited the SWIFTpayment system to stealmoney viafraudulenttransferrequests.xviiIn2017,morethan500companiesinMexicowereinfected with theWannaCry ransomware, believed to have been orchestrated byNorthKorea.xviii

• Mexico. In 2017, theMexican governmentwas implicated in an attack inwhich

surveillancespywarewasdeployedonjournalists’andactivists’smartphones.xix

• Russia.RussiaisactivelyseekingtoexpanditsinfluenceinLatinAmericainordertooffset U.S. influence in the region. Given Russia’s involvement in elections in theUnitedStatesandEurope,similarsocialmediainfluenceoperationsarebelievedtohaveoccurredinLatinAmericanpoliticalelections.xxAccordingtoonevendorreport,Russian operatives are believed to have conducted cyber espionage againstGovernmentofMexicotargets,althoughnospecificswereprovided.xxi

• CaretoAPT.In2014,theCaretoAPTgroupwasdetectedtargetingmanyunnamedorganizations inLatinAmerica inorder toobtain strategic financial andeconomicinformation.xxii

CyberCrimeCybercriminals’endeavorsrunthegamutofsophistication,ranging fromrudimentarytoveryrefined,andareconductedbyorganizationsofvarioussizes,fromindividualstoteamstolargegroups.Thespanofoperationsisasdiverseastheactorsthemselves,withtargetsranging from individuals to businesses to healthcare organizations to financialinstitutions.Moreover,likeallactorsincyberspace,theyarenotcontainedbygeographicboundaries and operate globally. Latin America is home to its own cyber criminal

Page 7: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

6

underground,whichhasgrownoverthepastfewyears.Accordingtoacomputersecuritycompany,weakregionalcybersecurityawareness,limitedinformation-sharingmechanismsbetweenprivateandpublicsectors,andagenerallyuninformedpublicenablecybercriminalactivity.xxiiiIn2016,cybercrimecostMexicoanestimatedUSD3billionineconomicdamages.xxiv In2015, a computer security vendor estimated that cyber crime cost companies inMexicoapproximatelyUS5.5 billion. During this time, five out of six large corporations and60percent of small-to-medium enterprises were victims of online attacks, per the securityvendor’s findings.xxv Discrepancies in these costs is a testament tohowsuch figuresareestimates at best and reliant on factors such as accurate reporting. Regardless, cybercriminals have demonstrated their capabilities against the Mexican financial sector byexploitingATMsanddefraudingbankcustomers,whilealsoemployingsuchtacticsasusingbankingTrojans, launching ransomware attacks, and deploying point-of-salemalware.xxviFigure3showshowMexicocompareswithothercountrieswithrespecttoconsumerlossasaresultofcybercrime.

Figure3.ConsumerLossThroughWorldwideCyberCrimein2017

(source:https://www.statista.com/statistics/799875/countries-with-the-largest-losses-through-cybercrime/)

StateActivityorCyberCrime?AcomputersecuritycompanyrevealedacampaignthathasbeentargetingusersinMexicosinceasearlyas2013.xxvii Per thecompany’s findings, thecampaignhas leveragedspearphishinge-mailsandUSBdevicestogainaccesstovictims’devices.Themalwareconsistedof multi-modules: one to ensure the malware ran properly; one that served as an

Page 8: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

7

information-stealertakingsavedpasswordsfromwebbrowsersande-mailandFTPclients;onethatservedasakeylogger;oneresponsibleforcommunicatingwiththecommand-and-control server; one that infected USB drives; and one that stole credentials from onlinebankingsitesandreservationsystems.At present, there hasn’t been any attribution to the classification of actor behind thiscampaign, although the company’s researchers described it as “unusually sophisticated.”Thecompany’sresearchersnotedthattheactorsbehindthiscampaigndidcloselymonitortheoperations,althoughtheparticularswerenotshared.Suchactivityisindicativeofthecontinuedconfluenceofcybercrimeandcyberespionagecampaigns, as they continue to use the same tactics, techniques, and procedures (TTPs).Sincemanyof theseTTPssharesimilarcharacteristics,attributioneffortsrelyheavilyonvisibilityofthetarget’sattacksurfacetoassistindeterminingattackermotivation.Whileinsomeinstancesthetarget’sidentificationgreatlyaidsthiseffort,itisnotfoolproof.Caseandpoint,NorthKoreaandnowIranhavebeensuspectedinconductinghostilecyberactivitytypicallyassociatedwithcybercriminalsbystealingmoneyfromfinancialinstitutionsandcryptocurrencyrepositoriesusingtheTTPsimplementedbycyberespionageactors.xxviii,xxix,xxxInthisexample,itisreasonabletosuspectpotentialstateactorsaretargetingthebanksforthesamereasonthatcybercriminalswould–forfinancialgain.

HacktivismHacktivismmeldstraditionalpoliticalactivismwiththeInternet,allowingthesegroupsandindividualstoexpresssocialandpoliticaldiscontentviacyberspaceratherthaninpersonortousedigitaltoolstopursuepoliticalobjectives.Becausethehacktivistlandscapeisdiversein its own right, encompassing numerous individuals and groups representing variedpolitical, religious, economic, and environmental constituencies, it is difficult tohighlighteachgroupwithanyfidelity.Forexample,thehacktivistgroup“MexicanHTeam”claimedtohaveaccessedthedatabasesandserversoftheMexicanarmy,navy,andtherulingparty,aswellasnetworkgiantTelevisa.xxxiHacktivisminMexicostartedinthelate1990swiththeemergence of the Electronic Disturbance Theater and has since largely centered aroundpoliticalandsocialcauses,asillustratedinsomeoftheexamplesbelow.However,targetscorrespondwithcausesand,assuch,aresubjecttochange.

• InJune2018,unknownhackerslaunchedadistributeddenial-of-serviceattackonawebsiteopposingaMexicanpresidentialcandidateoftheNationalActionParty.Mostof the network traffic originated fromChina andRussia. As of thiswriting, it isuncertainwhowasbehindtheattack.xxxii

• In 2016, the independent onlineTVportal Rompevientotv.comwas targeted by aDDoSattackthatimpacteditsoperationsforseveraldays.xxxiii

Page 9: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

8

• In 2014, AnonymousMexico conducted defacements againstMexico’sMinistry of

Defensewebsite.xxxiv• In2012,Mexicanhacktiviststargetedgovernmentalinfrastructuresthatsupported

presidential elections utilizing DDoS attacks, web page defacements, cross-sitescripting,andSQLinjection.xxxv

• In 2011, Mexican hacktivists joined the Anonymous hacking enclave’s operation

#OpCartel in order to publicize sensitive data about Mexican criminalorganizations.xxxvi

WhoaretheTargets?Banking,retail,andtelecommunicationsarethetoptargetsinMexico.In2016,asurveyoflocal and multinational firms based in Mexico was conducted; during the 2015-2016reporting period, virtual extortion (such as via ransomware)was the top private sectorsecurityincidentforthosepolledat49percent.xxxviiUnsurprisingly,accordingtoonereport,in2015financialinstitutionsandinformationassetswereprimarytargetsbasedonattackvector.Point-of-salemalware,advancedpersistentthreatactivity,unauthorizedaccess,andDDoSattacksroundedoutthetopfive(seeFigure4).

Figure4.MostCommonAttackVectorsTargetingMexicanOrganizationsin2015

(source:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdf)

These findingsare consistentwithanother report conducted in2016byan internationalconsulting firm,which found that 87 percent ofMexico-based companies experienced a

Page 10: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

9

cyber attack over the previous 12 months, resulting in approximately three millionincidents.xxxviii

FinancialSector/BanksareTopTargetsAccordingtoonethinktank,despitebeingthemostprotectedsector,thefinancialsectorinMexico is themost targeted, facingextortionattacks,disruptionof tradingplatforms,andDDoSattacks,amongothers.xxxixIn2018,banksinMexicohavebeenincreasinglytargetedbycybercriminals.AttheendofApril2018,Mexico’sfinancialsystemwasthevictimofacyberattackinwhichcybercriminalsstoleapproximatelyUSD20million.Atleastfivebankshad recorded large withdrawals of money through unauthorized transfers to bogusaccounts.xl This recent activity reveals that cyber criminals have the capability tosuccessfully target financial institutions andwill likely do so for the foreseeable future,particularlyiftheenvironmentisfavorabletotheiroperations.Accordingtooneresearcher,moving money internationally out of Mexico is difficult due to strict foreign exchangecontrols and the extensive approval processes required. As such, these type of schemeswouldrequireanextensivein-countryteam,includingmoneymulestowithdrawfraudulentfunds,whichpointstotheculpritsofthiscasebeingin-countryhackers.xli

CyberSecurityinMexicoDespitetakingpromisingsteps,Mexicostillhasaweakcybersecurityposturethatneedsimprovement.AccordingtotheInternationalTelecommunicationsUnion,aUnitedNationsspecializedagency for informationandcommunicationtechnologies,Mexico’smeasureofcybersecurityreadinessindexrankedit28outof195countriesin2017.Thereportcoversfive categories, to include LegalMeasures, TechnicalMeasures, OrganizationalMeasures,CapacityBuilding,andCooperation.xliiMexicowasthirdintheAmericas(behindtheUnitedStatesandCanada).

NationalCyberSecurityStrategyMexico’sNationalCyberSecurity strategywasdeveloped in collaborationwith the Inter-AmericanCommitteeagainstTerrorism.ThestrategyunderscoresMexico’scommitmenttocombattingcybercrimeandrecognizestheimportanceofinformationandcommunicationtechnologies inMexico’spolitical,social, andeconomicdevelopment.xliii Pera think tankreviewof the strategy, threegoverningprinciples–humanrights, riskmanagement, andmulti-disciplinarycooperation–anchorthedocumentinsupportoffivestrategicobjectives:societyandrights;economyandinnovation;publicinstitutions;publicsafety;andnationalsecurity.xlivWiththeimplementationofthisdocument,MexicojoinssixotherLatinAmericancountries in establishing a national cyber security strategy: Colombia (2011 and 2016),

Page 11: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

10

Panama(2013),TrinidadandTobalo(2013),Jamaica(2015),Paraguay(April2017),Chile(April2017)andCostaRica(April2017).xlv

CyberCrime-RelatedLawsThere is no definition for “cyber crime” and “cybersecurity” in Mexican legislation, andMexicohasnotyet adopted internationalstandardsapplicable to cyber crimes.xlvi WhileMexico scored high in having criminal and data privacy legislation on the books,organizationsarenotrequiredtohaveaminimalsetofcybersecuritymeasuresinplace,noraretheyrequiredtoreport incidents toauthorities,whichmakeharvestinghostilecyberstatisticsdifficulttomeasure.xlviiAccordingtoaU.S.thinktank,asof2017,Mexicohadnotenactedspecificlegislationoncybersecurity,thoughitwasincludedintheFederalCriminalCode,mostlyregardingfinancialcrimes,informationsecurity,andtheuseoftechnologyinother crimes, such as terrorism, kidnapping, and drug trafficking.xlviii Furthermore, todemonstrate legislation’s limited deterrence capability, as of 2016, theft of personal andbusinessdatainMexicoviahackinghadbeennoticeablyincreasing,withMexicobecomingahavenfortheblackmarketofstolenpersonaldata.xlix

ConclusionMexico’s increasingpostureasaregionaleconomicplayerwillcontinuetogarnerhostilecyberactorattention.CybercriminalscontinuetobethemajorthreatfacingorganizationsinMexico,althoughstateactorshavedemonstratedaninterestinLatinAmericaviacyberespionagecampaigns.Hacktivismremainspolitically-focused;anyperceivedsocialinjusticecaneasilymotivatetheseonlineactiviststotargetanyorganizationinanysector.Mexico’sestablishment of a national cyber security strategy is an important milestone indemonstrating the government’s understanding of the potential threats that exist incyberspaceandplacesMexicointhecompanyofsixotherregionalgovernmentswithsimilarstrategies. However, while legislation exists that addresses technology-related crime,Mexico’sfailuretoincentivizeorcompelorganizationstoreportbreaches,makesitdifficulttounderstandthefullimpactofhostilecyberactivityinthecountry.Thisneedstochangeinordertodeveloppropercybersecurityinitiativestoadequatelyaddressthesecriminalactivities.There is little anecdotal reporting highlighting the cyber security posture of and threatsfacing foreign companies in Mexico. Based on available reporting, financial-relatedorganizationsarelikelydesirabletargetsforenterprisingcriminalgroups.Cyberespionageextends beyond nation states, and commercial competitors may leverage networkexploitationtoobtainsensitivedatasuchasresearchanddevelopment;businessplanningandoperations;mergersandacquisitions;orfuturestrategies.Forstateactors,asidefrom

Page 12: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

11

thosebelievedtobetargetingglobalfinancialinstitutionsforprofit,targetingwilllikelyebbandflowdependingontheintentofthosegovernmentsorchestratingit.

Page 13: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

12

Traffic-LightProtocolforInformationDisseminationColor WhenShouldItBeUsed? HowMayItBeShared

RED

SourcesmayuseTLP:REDwheninformationcannotbeeffectivelyacteduponbyadditionalparties,andcouldleadtoimpactsonaparty’sprivacy,reputation,oroperationsifmisused.

RecipientsmaynotshareTLP:REDwithanypartiesoutsideofthespecificexchange,meeting,orconversationinwhichitisoriginallydisclosed.

AMBER

SourcesmayusetheTLP:AMBERwheninformationrequiressupporttobeeffectivelyacteduponbutcarriestheriskstoprivacy,reputation,oroperationsifsharedoutsideoftheorganizationsinvolved.

RecipientsmayonlyshareTLP:AMBERinformationwithmembersoftheirownorganization,andonlyaswidelyasnecessarytoactonthatinformation.

GREEN

SourcesmayuseTLP:GREENwheninformationisusefulfortheawarenessofallparticipatingorganizationsaswellaswithpeerswithinthebroadercommunityorsector.

RecipientsmayshareTLP:GREENinformationwithpeersandpartnerorganizationswithintheirsectororcommunity,butnotviapubliclyaccessiblechannels.

WHITE

SourcesmayuseTLP:WHITEwheninformationcarriesminimalornoriskofmisuse,inaccordancewithapplicablerulesandproceduresforpublicrelease.

TLP:WHITEinformationmaybedistributedwithoutrestriction,subjecttocopyrightcontrols.

Page 14: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

13

ANoteonEstimativeLanguageEstimativelanguageisusedinordertoconveyanassessedlikelihoodorprobabilityofanevent,aswellasthelevelofconfidenceascribedtoajudgment.Assessmentsarebasedoncollectedinformation(whichisoftenincomplete),aswellaslogic,argumentation,andprecedents.Confidencelevelsprovideassessmentsofthequalityandquantityofthesourceinformationthatsupportsjudgments. Complete High Moderate Low None

100% 80-99% 50-79% 11-49% 0-10%

• Complete:Totallyreliableandcorroboratedinformationwithnoassumptionsandclear,undisputedreasoning.

• High:Wellcorroboratedinformationfrommultipleprovensources,extensivedatabases,and/oradeephistoricalunderstandingoftheissue.Thereareminimalassumptionspresent.Theanalyticreasoningisdominatedbylogicalinferencesdevelopedthroughestablishedmethodologyormultipleanalytictechniques.Highconfidencedoesnotimplyanassessmentisfactoracertainty.

• Moderate:Partiallycorroboratedinformationfromsufficientqualitysources(amixofprovenandunprovensources)withsomedatabasesand/orhistoricalunderstandingoftheissue.Thereareassumptionspresent,ofwhichsomeshouldbecrucialtotheanalysis.Reasoningisamixtureofstrongandweakinferencesdevelopedthroughsimpleanalytictechniquesoranestablishedmethodology.

• Low:Uncorroboratedinformationfromgoodormarginalsources(mixofsemi-provenandunprovensources)withminimaldatabaseorhistoricalunderstandingoftheissue.Therearemanyassumptionscriticaltotheanalysis.Reasoningisdominatedbyweakinferencesthroughfewanalytictechniques.

• NoConfidence:Thereisnodirectinformationorpartiallycorroboratedinformationtosupportanalyticassessmentsorjudgments,oritisexploratoryanalysis.

Page 15: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

14

SourceandInformationReliability

Source

Rating DescriptionA Reliable Nodoubtaboutthesource'sauthenticity,trustworthiness,or

competency.Historyofcompletereliability.B UsuallyReliable Minordoubts.Historyofmostlyvalidinformation.C FairlyReliable Doubts.Providedvalidinformationinthepast.D NotUsuallyReliable Significantdoubts.Providedvalidinformationinthepast.E Unreliable Lacksauthenticity,trustworthiness,andcompetency.Historyof

invalidinformation.F Can’tBeJudged Insufficientinformationtoevaluatereliability.Mayormaynotbe

reliable.

Information

Rating Description1 Confirmed Logical,consistentwithotherrelevantinformation,confirmedby

independentsources.2 ProbablyTrue Logical,consistentwithotherrelevantinformation,notconfirmed

byindependentsources.3 PossiblyTrue Reasonablylogical,agreeswithsomerelevantinformation,not

confirmed.4 DoubtfullyTrue Notlogicalbutpossible,nootherinformationonthesubject,not

confirmed.5 Improbable Notlogical,contradictedbyotherrelevantinformation.6 Can’tBeJudged Thevalidityoftheinformationcannotbedetermined.

Page 16: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

15

ihttps://www.independent.co.uk/news/business/these-will-be-the-32-most-powerful-economies-in-the-world-by-2050-a7587401.htmliihttp://www.au.af.mil/au/afri/aspj/apjinternational/apj-s/2016/2016-4/2016_4_05_lavinder_s_eng.pdfiiihttp://cybersafett.com/news/111-cybersecurity-report-2016ivhttps://www.threatmetrix.com/wp-content/uploads/2018/05/q1-2018-cybercrime-report-1526659517.pdfvhttp://www.nearshoreamericas.com/latin-america-cyber-security-cyber-attacks/vihttps://cloudblogs.microsoft.com/microsoftsecure/2017/07/06/latin-america-is-stepping-up-to-the-plate-in-cybersecurity-policy/viihttp://innovationatwork.ieee.org/latin-america-is-under-cyber-attack/viiihttps://publications.iadb.org/handle/11319/7449ixhttps://www.forbes.com/sites/forbesagencycouncil/2018/07/31/five-measures-latin-america-must-take-to-get-up-to-snuff-on-cybersecurity/#e11b15d62eeaxIbid.xihttp://statisticstimes.com/economy/projected-world-gdp-ranking.phpxiihttps://en.wikipedia.org/wiki/List_of_Latin_American_and_Caribbean_countries_by_GDP_(nominal)xiiihttps://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdfxivhttps://www.echoworx.com/how-bad-is-bad-mexicos-threat-landscape/xvhttps://www.nearshoreamericas.com/cybercrime-spending-mexico/xvihttps://www.wilsoncenter.org/sites/default/files/quo_vadis_mexicos_cybersecurity_strategy.pdfxviihttps://www.bloomberg.com/news/articles/2018-05-29/mexico-foiled-a-110-million-bank-heist-then-kept-it-a-secretxviiihttps://www.nearshoreamericas.com/hundreds-mexican-firms-hit-cyber-attack/xixhttps://www.nytimes.com/2017/06/21/world/americas/mexico-pena-nieto-spying-hacking-surveillance.htmlxxhttp://www.homelandsecuritynewswire.com/dr20180629-fears-of-russian-cyberattacks-ahead-of-mexico-s-sunday-electionsxxihttps://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdfxxiihttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxxiiihttps://www.lookingglasscyber.com/blog/the-global-cyber-crime-underground-latin-america-and-brazil/xxivhttp://www.elfinanciero.com.mx/tech/cibercrimen-cuesta-a-mexico-mil-mdd-al-ano.htmlxxvhttp://www.bnamericas.com/en/news/technology/mexico-lost-us55bn-to-cyber-crime-in-2015xxvihttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxxviihttps://threatpost.com/dark-tequila-a-distilled-threat-for-mexican-targets/136739/xxviiihttps://www.cyberscoop.com/north-korea-swift-hacks-bancomext-bank-of-chile/xxixhttps://www.cnbc.com/2018/01/17/north-korea-hackers-linked-to-cryptocurrency-cyberattack-on-south-korea.htmlxxxhttps://toshitimes.com/irans-revenge-of-sanctions-through-bitcoin-stealing-ransomware/xxxihttps://splinternews.com/mexican-hacktivists-riseup-1793844198xxxiihttps://www.scmagazineuk.com/ddos-attack-aimed-mexican-opposition-presidential-candidate-website-during-debate/article/1486722xxxiiihttps://freedomhouse.org/report/freedom-net/2016/mexicoxxxivhttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxxxvhttp://www.trendmicro.de/media/wp/latin-american-and-caribbean-cybersecurity-trends-and-government-responses-whitepaper-en.pdfxxxvihttps://worldview.stratfor.com/article/dispatch-anonymous-online-tactics-against-mexican-cartels#axzz3FlCjRPAOxxxviihttps://www.export.gov/article?id=Mexico-Safety-and-Security

Page 17: Mexico: Cyber Threat Landscape€¦ · cyber crime incident was $2,386,719, compared to $1,581,641 in Mexico.xv According to a think tank report on the cyber security landscape in

LookingGlass STRATISS: Proprietary |

16

xxxviiihttps://www.edgarvasquez.com/cyber-crime-and-data-protection-in-mexico-part-i/xxxixhttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxlhttps://www.welivesecurity.com/2018/05/24/mexico-cybercriminals-steal-400-million/xlihttps://www.bankinfosecurity.com/mexico-investigates-suspected-cyberattacks-against-banks-a-11008xliihttps://www.digianalysys.com/itu-global-cyber-security-index-2017/xliiihttps://www.wilsoncenter.org/sites/default/files/quo_vadis_mexicos_cybersecurity_strategy.pdfxlivIbid.xlvhttps://portswigger.net/daily-swig/mexico-launches-national-cyber-security-strategyxlvihttps://iclg.com/practice-areas/cybersecurity-laws-and-regulations/mexicoxlviiIbid.xlviiihttps://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdfxlixhttps://www.insightcrime.org/news/brief/mexico-struggling-with-widespread-cyber-theft/


Related Documents