Mexico: Cyber Threat Landscape
PRODUCED AUGUST 29, 2018
LOOKINGGLASS CYBER SOLUTIONS
THREAT ANALYSIS AND INVESTIGATIONS UNIT
LookingGlass STRATISS: Proprietary |
1
Overall Report Distribution is TLP: GREEN Overall Source/Information Reliability: B1
ExecutiveSummaryLatin America is vulnerable to hostile cyber activity, especially as the region developseconomicallyandtechnologically.Astheregion’seconomiesbecomemoretechnicallyadept,cybersecuritypracticesarecurrentlyfailingtokeepupwithadvancementsindigitization.Cybercrime,cyberespionage,andhacktivismhaveall targetedLatinAmerica. Mexico inparticular isoneof the fastest growingeconomies in theworld, leveraging technology topropelbusinessforward.Mexicoisonpacetobeamongthetopteneconomiesintheworldby2050,whichislargelytheresultofincreasedInternetaccessandimplementationofe-commerce.iAssuch,Mexicohasbeenattractingtheattentionofenterprisinghostilecyberactorsseekingtoexploitcommercialorganizationsforfinancialreward. WhilepromisinginitiativesliketheestablishmentofanationalcybersecuritystrategyandlegalframeworksdemonstrateMexico’sawarenessoftheimportanceofcybersecurity,theyareatanascentstage; it remains to be seen how they will be implemented, socialized, and enforced.LookingGlass analysts expect Mexico to continue to be a prime target in the region,particularlyasitscybersecurityeffortsareintheunenviablepositionofplayingcatch-uptoitseconomicdevelopment.
KeyPoints
• Mexico is one of the leading emerging economies in the region and, as such, willcontinue togarner the attention of hostile actors to exploit vulnerable in-countryorganizations. Banks and financial institutions have been the primary targets ofhostileactors.
• Cybercrimeistheprimarythreat,whichshouldcontinuefortheforeseeablefuture.
State-drivencyberespionagehasbeenobservedtargetingMexicaninterests. Suchactivity largely depends on the intent of actors seeking to ascertain the Mexicangovernment’s position on geopolitical issues and will ebb and flow accordingly.Hacktivism is a viable means of social protest that has historically targetedgovernmententitiesandwilllikelycontinueinthefuture.
• Unfortunately, there is limited information kept by government organizations to
providemorefidelityonhostilecyberactivitystatistics.Thatsaid,currentMexicanlawdoesnotmandatethatorganizationsreportbreaches,makingthosestatistics--eveniftheywereavailable--unreliable.
LookingGlass STRATISS: Proprietary |
2
LatinAmericaAsaregion,LatinAmericaisfacinganincreasingamountofcyberattacks.Aprimaryreasonforthisisitsgrowingpopulation,whichisincreasinglyconnectedtotheInternet,aswellasthe developing digitization of its regional economies. The four largest economies –Argentina, Brazil, Colombia, and Mexico – are most at-risk, along with some smallereconomiesthatexcelintechnologicalinnovation,suchasPeru.ii Furthercomplicatingthesituation,LatinAmerica/theCaribbeanisthe4thlargestmobilecommunicationsmarketintheworld;itisestimatedtherewillbemorethan600millionconnectedsmartphonesinthisregionaloneby2020.iiiMobilepenetrationhasgrownrapidlyoverthelastthreeyears,with41percentoftransactionsinthenetworknoworiginatingfromamobiledevice,upfromjust12 percent in the same quarter three years ago.iv Cyber attacks againstmobile devicescontinuetobeontheupswing,anditfollowsthatsuchactivitieswouldtargetLatinAmericanmobilecustomersaswell.In 2016, the Inter-AmericanDevelopmentBank (IDB) and theOrganization of AmericanStates (OAS) sponsored a report on the status of cyber security in Latin America. Thefindings indicated that the regionwasveryvulnerable to cyber attacks,with four in fivestates not having viable cyber security strategies or plans for protecting criticalinfrastructure inplace.vTwointhree lackedanysortofcommandandcontrolcenter forcybersecurity crises. Enforcement of laws against cyber attacks was almost universallyweak.viOverall,theentireregionisbeingexploitedbyhostileattackers,largelyduetothefollowingreasons(accordingtotheIEEE):
• Therearefewcoordinateddefensemechanisms.ManyLatinAmericancountriesarebeginningtodevelopCyberEmergencyResponseTeams(CERTs)andComputerSecurityIncidentResponseTeams(CSIRTs)tohandleattacks.
• Publicawarenessislacking.ManyLatinAmericancountrieshavenotyetpublicizedthedangersoftheInternet.Privateindustriesalsofrequentlybelievethattheyarenottargets,sotheyhavenotmadepreventativeprogramsahighpriority.
• Thereisadisconnectbetweenpublicandprivateindustries.Stakeholdershaveyet todevelopenoughtrust tocollaborate,andmostLatinAmericancountriesarelackingreputableclearinghousesorbrokersofauthoritativeinformationtoallowtheestablishmentofformalinformation-sharingmechanisms.vii
Asaregion,theannualcostofcybercrimeinLatinAmerica–toincludeCaribbeannations–hasgrowntoUSD90billionayear,accordingtoa2016reportbytheIDB.viiiOverall,theIDBfoundthattheregionwasincreasinglysusceptibletoseverecyberincidents;thisispartlyattributedtothefactthatmanycomputersecuritycompanieshavenottraditionallyviewed
LookingGlass STRATISS: Proprietary |
3
LatinAmericaasaprimemarketfortheirproductsandservices. Inordertocombatthisperception and ameliorate the situation, in April 2017, the OAS passed a resolution toincrease cooperation and stability in cyberspace, raising cyber security awareness andfosteringinformation-sharingamongsttheregionalgovernments.ixOtherchallengesexist,makingcybersecurityanongoinguphillbattle--toincludealackofqualifiedindividualsandadearthofcyberinsuranceofferingsintheregion.x
MexicoMexico is the15th largesteconomyintheworld.xi In theLatinAmericanregion,Mexico’sgrossdomesticproductissecondonlytoBrazil’s.xiiSuchapotenteconomicstandingisanattractivetarget forenterprisingcriminals. Accordingtoa thinktank’sreporting,Mexicoenjoys considerable Foreign Direct Investment, registering an 11 percent increase from2014-2015, or USD 28 billion in 2015.xiii Such investment and the presence of foreigncompaniesinMexicorepresentbothapositiveeconomicprogressionandthepotentialfortargetingbyhostile cyberactors. According toat leastone source,Mexico ranks secondbehind Brazil for being victimized by the most cyber attacks, with banking, retail, andtelecommunicationsbeingthemosttargetedsectors.xivFigure1showstheTop20countriesfacingthehighestthreatlevelsin2015.
Figure1.Top20CountriesFacingtheHighestThreatLevelsin2015
(source:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdf)
LookingGlass STRATISS: Proprietary |
4
This is a concern given that Mexican cyber security efforts appear to remain nascent.Accordingtoareportfromaninternationalconsultingfirm,asofmid-2016,Mexicowasstillinanimmaturestateofcybersecurityduetoalackofinvestmentincybercrimeprotection.Intheprevious12months,Mexicohadjustoverthreemillionsecurityincidents,witharound87percentofcompaniesexperiencingsomeformofprivacybreach.Thiswas13percenthigherthantheglobaltrendatthetime.Onaworldwidescale,theaveragecostofasinglecybercrimeincidentwas$2,386,719,comparedto$1,581,641inMexico.xvAccordingtoa thinktankreportonthecybersecurity landscape inMexico, theScientificDivisionoftheFederalPolicestatedthattherewasa300percentincreaseincyberincidentsfrom 2013 (30,000 incidents reported) to 2016 (60,000); computer virus deploymentincreased57percentbetween2015and2016.xviThesamethinktankreportrevealedthatthemajority of cyber fraud occurred via Internet transactions through e-commerce andmobilebanking.
CyberThreatActorLandscapeThecyberthreatlandscapeconsistsofdiversehostileactorswithvariousintent,capabilities,and motivations for launching operations. States, cyber criminals, and activists are theprimaryactorsthatarelaunchingattacksagainstentitiesinMexico,asshowninFigure2below.
Figure2.PercentageofActorsBehindCyberActivityin2015
(source:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdf)
LookingGlass STRATISS: Proprietary |
5
StateActorsNation states are largely considered the most sophisticated actor set; they have thecapabilitiestoexploitnetworksfordatatheftormanipulationortolaunchattackstodisrupt,deny,degrade,ordestroyinformationsystemsortheinformationresidentonthem.Stateactorsaregenerallybehindcyberespionageactivities,althoughindustrialcyberespionage(whereacompanytargetsanothercompany)alsooccurs.Stateactorsand/orstate-directedactorstargetpublicandprivatesectorentitiesforavarietyofreasons,suchasthetheftofintellectualproperty,researchanddevelopment,merger&acquisitiondata,tradesecrets,andbusinessstrategies.However,asdetailedinthebulletpointsbelow,stateactorshavealso been observed conducting cyber attacks to simply stealmoney, illustrating how themotivesofhostilecyberactorsareblurring.
• North Korea. Suspected North Korean hackers attempted to steal money fromMexicanbanksin2016.Thehackersendedupdeployingdestructivemalwareafterthey had unsuccessfully exploited the SWIFTpayment system to stealmoney viafraudulenttransferrequests.xviiIn2017,morethan500companiesinMexicowereinfected with theWannaCry ransomware, believed to have been orchestrated byNorthKorea.xviii
• Mexico. In 2017, theMexican governmentwas implicated in an attack inwhich
surveillancespywarewasdeployedonjournalists’andactivists’smartphones.xix
• Russia.RussiaisactivelyseekingtoexpanditsinfluenceinLatinAmericainordertooffset U.S. influence in the region. Given Russia’s involvement in elections in theUnitedStatesandEurope,similarsocialmediainfluenceoperationsarebelievedtohaveoccurredinLatinAmericanpoliticalelections.xxAccordingtoonevendorreport,Russian operatives are believed to have conducted cyber espionage againstGovernmentofMexicotargets,althoughnospecificswereprovided.xxi
• CaretoAPT.In2014,theCaretoAPTgroupwasdetectedtargetingmanyunnamedorganizations inLatinAmerica inorder toobtain strategic financial andeconomicinformation.xxii
CyberCrimeCybercriminals’endeavorsrunthegamutofsophistication,ranging fromrudimentarytoveryrefined,andareconductedbyorganizationsofvarioussizes,fromindividualstoteamstolargegroups.Thespanofoperationsisasdiverseastheactorsthemselves,withtargetsranging from individuals to businesses to healthcare organizations to financialinstitutions.Moreover,likeallactorsincyberspace,theyarenotcontainedbygeographicboundaries and operate globally. Latin America is home to its own cyber criminal
LookingGlass STRATISS: Proprietary |
6
underground,whichhasgrownoverthepastfewyears.Accordingtoacomputersecuritycompany,weakregionalcybersecurityawareness,limitedinformation-sharingmechanismsbetweenprivateandpublicsectors,andagenerallyuninformedpublicenablecybercriminalactivity.xxiiiIn2016,cybercrimecostMexicoanestimatedUSD3billionineconomicdamages.xxiv In2015, a computer security vendor estimated that cyber crime cost companies inMexicoapproximatelyUS5.5 billion. During this time, five out of six large corporations and60percent of small-to-medium enterprises were victims of online attacks, per the securityvendor’s findings.xxv Discrepancies in these costs is a testament tohowsuch figuresareestimates at best and reliant on factors such as accurate reporting. Regardless, cybercriminals have demonstrated their capabilities against the Mexican financial sector byexploitingATMsanddefraudingbankcustomers,whilealsoemployingsuchtacticsasusingbankingTrojans, launching ransomware attacks, and deploying point-of-salemalware.xxviFigure3showshowMexicocompareswithothercountrieswithrespecttoconsumerlossasaresultofcybercrime.
Figure3.ConsumerLossThroughWorldwideCyberCrimein2017
(source:https://www.statista.com/statistics/799875/countries-with-the-largest-losses-through-cybercrime/)
StateActivityorCyberCrime?AcomputersecuritycompanyrevealedacampaignthathasbeentargetingusersinMexicosinceasearlyas2013.xxvii Per thecompany’s findings, thecampaignhas leveragedspearphishinge-mailsandUSBdevicestogainaccesstovictims’devices.Themalwareconsistedof multi-modules: one to ensure the malware ran properly; one that served as an
LookingGlass STRATISS: Proprietary |
7
information-stealertakingsavedpasswordsfromwebbrowsersande-mailandFTPclients;onethatservedasakeylogger;oneresponsibleforcommunicatingwiththecommand-and-control server; one that infected USB drives; and one that stole credentials from onlinebankingsitesandreservationsystems.At present, there hasn’t been any attribution to the classification of actor behind thiscampaign, although the company’s researchers described it as “unusually sophisticated.”Thecompany’sresearchersnotedthattheactorsbehindthiscampaigndidcloselymonitortheoperations,althoughtheparticularswerenotshared.Suchactivityisindicativeofthecontinuedconfluenceofcybercrimeandcyberespionagecampaigns, as they continue to use the same tactics, techniques, and procedures (TTPs).Sincemanyof theseTTPssharesimilarcharacteristics,attributioneffortsrelyheavilyonvisibilityofthetarget’sattacksurfacetoassistindeterminingattackermotivation.Whileinsomeinstancesthetarget’sidentificationgreatlyaidsthiseffort,itisnotfoolproof.Caseandpoint,NorthKoreaandnowIranhavebeensuspectedinconductinghostilecyberactivitytypicallyassociatedwithcybercriminalsbystealingmoneyfromfinancialinstitutionsandcryptocurrencyrepositoriesusingtheTTPsimplementedbycyberespionageactors.xxviii,xxix,xxxInthisexample,itisreasonabletosuspectpotentialstateactorsaretargetingthebanksforthesamereasonthatcybercriminalswould–forfinancialgain.
HacktivismHacktivismmeldstraditionalpoliticalactivismwiththeInternet,allowingthesegroupsandindividualstoexpresssocialandpoliticaldiscontentviacyberspaceratherthaninpersonortousedigitaltoolstopursuepoliticalobjectives.Becausethehacktivistlandscapeisdiversein its own right, encompassing numerous individuals and groups representing variedpolitical, religious, economic, and environmental constituencies, it is difficult tohighlighteachgroupwithanyfidelity.Forexample,thehacktivistgroup“MexicanHTeam”claimedtohaveaccessedthedatabasesandserversoftheMexicanarmy,navy,andtherulingparty,aswellasnetworkgiantTelevisa.xxxiHacktivisminMexicostartedinthelate1990swiththeemergence of the Electronic Disturbance Theater and has since largely centered aroundpoliticalandsocialcauses,asillustratedinsomeoftheexamplesbelow.However,targetscorrespondwithcausesand,assuch,aresubjecttochange.
• InJune2018,unknownhackerslaunchedadistributeddenial-of-serviceattackonawebsiteopposingaMexicanpresidentialcandidateoftheNationalActionParty.Mostof the network traffic originated fromChina andRussia. As of thiswriting, it isuncertainwhowasbehindtheattack.xxxii
• In 2016, the independent onlineTVportal Rompevientotv.comwas targeted by aDDoSattackthatimpacteditsoperationsforseveraldays.xxxiii
LookingGlass STRATISS: Proprietary |
8
• In 2014, AnonymousMexico conducted defacements againstMexico’sMinistry of
Defensewebsite.xxxiv• In2012,Mexicanhacktiviststargetedgovernmentalinfrastructuresthatsupported
presidential elections utilizing DDoS attacks, web page defacements, cross-sitescripting,andSQLinjection.xxxv
• In 2011, Mexican hacktivists joined the Anonymous hacking enclave’s operation
#OpCartel in order to publicize sensitive data about Mexican criminalorganizations.xxxvi
WhoaretheTargets?Banking,retail,andtelecommunicationsarethetoptargetsinMexico.In2016,asurveyoflocal and multinational firms based in Mexico was conducted; during the 2015-2016reporting period, virtual extortion (such as via ransomware)was the top private sectorsecurityincidentforthosepolledat49percent.xxxviiUnsurprisingly,accordingtoonereport,in2015financialinstitutionsandinformationassetswereprimarytargetsbasedonattackvector.Point-of-salemalware,advancedpersistentthreatactivity,unauthorizedaccess,andDDoSattacksroundedoutthetopfive(seeFigure4).
Figure4.MostCommonAttackVectorsTargetingMexicanOrganizationsin2015
(source:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdf)
These findingsare consistentwithanother report conducted in2016byan internationalconsulting firm,which found that 87 percent ofMexico-based companies experienced a
LookingGlass STRATISS: Proprietary |
9
cyber attack over the previous 12 months, resulting in approximately three millionincidents.xxxviii
FinancialSector/BanksareTopTargetsAccordingtoonethinktank,despitebeingthemostprotectedsector,thefinancialsectorinMexico is themost targeted, facingextortionattacks,disruptionof tradingplatforms,andDDoSattacks,amongothers.xxxixIn2018,banksinMexicohavebeenincreasinglytargetedbycybercriminals.AttheendofApril2018,Mexico’sfinancialsystemwasthevictimofacyberattackinwhichcybercriminalsstoleapproximatelyUSD20million.Atleastfivebankshad recorded large withdrawals of money through unauthorized transfers to bogusaccounts.xl This recent activity reveals that cyber criminals have the capability tosuccessfully target financial institutions andwill likely do so for the foreseeable future,particularlyiftheenvironmentisfavorabletotheiroperations.Accordingtooneresearcher,moving money internationally out of Mexico is difficult due to strict foreign exchangecontrols and the extensive approval processes required. As such, these type of schemeswouldrequireanextensivein-countryteam,includingmoneymulestowithdrawfraudulentfunds,whichpointstotheculpritsofthiscasebeingin-countryhackers.xli
CyberSecurityinMexicoDespitetakingpromisingsteps,Mexicostillhasaweakcybersecurityposturethatneedsimprovement.AccordingtotheInternationalTelecommunicationsUnion,aUnitedNationsspecializedagency for informationandcommunicationtechnologies,Mexico’smeasureofcybersecurityreadinessindexrankedit28outof195countriesin2017.Thereportcoversfive categories, to include LegalMeasures, TechnicalMeasures, OrganizationalMeasures,CapacityBuilding,andCooperation.xliiMexicowasthirdintheAmericas(behindtheUnitedStatesandCanada).
NationalCyberSecurityStrategyMexico’sNationalCyberSecurity strategywasdeveloped in collaborationwith the Inter-AmericanCommitteeagainstTerrorism.ThestrategyunderscoresMexico’scommitmenttocombattingcybercrimeandrecognizestheimportanceofinformationandcommunicationtechnologies inMexico’spolitical,social, andeconomicdevelopment.xliii Pera think tankreviewof the strategy, threegoverningprinciples–humanrights, riskmanagement, andmulti-disciplinarycooperation–anchorthedocumentinsupportoffivestrategicobjectives:societyandrights;economyandinnovation;publicinstitutions;publicsafety;andnationalsecurity.xlivWiththeimplementationofthisdocument,MexicojoinssixotherLatinAmericancountries in establishing a national cyber security strategy: Colombia (2011 and 2016),
LookingGlass STRATISS: Proprietary |
10
Panama(2013),TrinidadandTobalo(2013),Jamaica(2015),Paraguay(April2017),Chile(April2017)andCostaRica(April2017).xlv
CyberCrime-RelatedLawsThere is no definition for “cyber crime” and “cybersecurity” in Mexican legislation, andMexicohasnotyet adopted internationalstandardsapplicable to cyber crimes.xlvi WhileMexico scored high in having criminal and data privacy legislation on the books,organizationsarenotrequiredtohaveaminimalsetofcybersecuritymeasuresinplace,noraretheyrequiredtoreport incidents toauthorities,whichmakeharvestinghostilecyberstatisticsdifficulttomeasure.xlviiAccordingtoaU.S.thinktank,asof2017,Mexicohadnotenactedspecificlegislationoncybersecurity,thoughitwasincludedintheFederalCriminalCode,mostlyregardingfinancialcrimes,informationsecurity,andtheuseoftechnologyinother crimes, such as terrorism, kidnapping, and drug trafficking.xlviii Furthermore, todemonstrate legislation’s limited deterrence capability, as of 2016, theft of personal andbusinessdatainMexicoviahackinghadbeennoticeablyincreasing,withMexicobecomingahavenfortheblackmarketofstolenpersonaldata.xlix
ConclusionMexico’s increasingpostureasaregionaleconomicplayerwillcontinuetogarnerhostilecyberactorattention.CybercriminalscontinuetobethemajorthreatfacingorganizationsinMexico,althoughstateactorshavedemonstratedaninterestinLatinAmericaviacyberespionagecampaigns.Hacktivismremainspolitically-focused;anyperceivedsocialinjusticecaneasilymotivatetheseonlineactiviststotargetanyorganizationinanysector.Mexico’sestablishment of a national cyber security strategy is an important milestone indemonstrating the government’s understanding of the potential threats that exist incyberspaceandplacesMexicointhecompanyofsixotherregionalgovernmentswithsimilarstrategies. However, while legislation exists that addresses technology-related crime,Mexico’sfailuretoincentivizeorcompelorganizationstoreportbreaches,makesitdifficulttounderstandthefullimpactofhostilecyberactivityinthecountry.Thisneedstochangeinordertodeveloppropercybersecurityinitiativestoadequatelyaddressthesecriminalactivities.There is little anecdotal reporting highlighting the cyber security posture of and threatsfacing foreign companies in Mexico. Based on available reporting, financial-relatedorganizationsarelikelydesirabletargetsforenterprisingcriminalgroups.Cyberespionageextends beyond nation states, and commercial competitors may leverage networkexploitationtoobtainsensitivedatasuchasresearchanddevelopment;businessplanningandoperations;mergersandacquisitions;orfuturestrategies.Forstateactors,asidefrom
LookingGlass STRATISS: Proprietary |
11
thosebelievedtobetargetingglobalfinancialinstitutionsforprofit,targetingwilllikelyebbandflowdependingontheintentofthosegovernmentsorchestratingit.
LookingGlass STRATISS: Proprietary |
12
Traffic-LightProtocolforInformationDisseminationColor WhenShouldItBeUsed? HowMayItBeShared
RED
SourcesmayuseTLP:REDwheninformationcannotbeeffectivelyacteduponbyadditionalparties,andcouldleadtoimpactsonaparty’sprivacy,reputation,oroperationsifmisused.
RecipientsmaynotshareTLP:REDwithanypartiesoutsideofthespecificexchange,meeting,orconversationinwhichitisoriginallydisclosed.
AMBER
SourcesmayusetheTLP:AMBERwheninformationrequiressupporttobeeffectivelyacteduponbutcarriestheriskstoprivacy,reputation,oroperationsifsharedoutsideoftheorganizationsinvolved.
RecipientsmayonlyshareTLP:AMBERinformationwithmembersoftheirownorganization,andonlyaswidelyasnecessarytoactonthatinformation.
GREEN
SourcesmayuseTLP:GREENwheninformationisusefulfortheawarenessofallparticipatingorganizationsaswellaswithpeerswithinthebroadercommunityorsector.
RecipientsmayshareTLP:GREENinformationwithpeersandpartnerorganizationswithintheirsectororcommunity,butnotviapubliclyaccessiblechannels.
WHITE
SourcesmayuseTLP:WHITEwheninformationcarriesminimalornoriskofmisuse,inaccordancewithapplicablerulesandproceduresforpublicrelease.
TLP:WHITEinformationmaybedistributedwithoutrestriction,subjecttocopyrightcontrols.
LookingGlass STRATISS: Proprietary |
13
ANoteonEstimativeLanguageEstimativelanguageisusedinordertoconveyanassessedlikelihoodorprobabilityofanevent,aswellasthelevelofconfidenceascribedtoajudgment.Assessmentsarebasedoncollectedinformation(whichisoftenincomplete),aswellaslogic,argumentation,andprecedents.Confidencelevelsprovideassessmentsofthequalityandquantityofthesourceinformationthatsupportsjudgments. Complete High Moderate Low None
100% 80-99% 50-79% 11-49% 0-10%
• Complete:Totallyreliableandcorroboratedinformationwithnoassumptionsandclear,undisputedreasoning.
• High:Wellcorroboratedinformationfrommultipleprovensources,extensivedatabases,and/oradeephistoricalunderstandingoftheissue.Thereareminimalassumptionspresent.Theanalyticreasoningisdominatedbylogicalinferencesdevelopedthroughestablishedmethodologyormultipleanalytictechniques.Highconfidencedoesnotimplyanassessmentisfactoracertainty.
• Moderate:Partiallycorroboratedinformationfromsufficientqualitysources(amixofprovenandunprovensources)withsomedatabasesand/orhistoricalunderstandingoftheissue.Thereareassumptionspresent,ofwhichsomeshouldbecrucialtotheanalysis.Reasoningisamixtureofstrongandweakinferencesdevelopedthroughsimpleanalytictechniquesoranestablishedmethodology.
• Low:Uncorroboratedinformationfromgoodormarginalsources(mixofsemi-provenandunprovensources)withminimaldatabaseorhistoricalunderstandingoftheissue.Therearemanyassumptionscriticaltotheanalysis.Reasoningisdominatedbyweakinferencesthroughfewanalytictechniques.
• NoConfidence:Thereisnodirectinformationorpartiallycorroboratedinformationtosupportanalyticassessmentsorjudgments,oritisexploratoryanalysis.
LookingGlass STRATISS: Proprietary |
14
SourceandInformationReliability
Source
Rating DescriptionA Reliable Nodoubtaboutthesource'sauthenticity,trustworthiness,or
competency.Historyofcompletereliability.B UsuallyReliable Minordoubts.Historyofmostlyvalidinformation.C FairlyReliable Doubts.Providedvalidinformationinthepast.D NotUsuallyReliable Significantdoubts.Providedvalidinformationinthepast.E Unreliable Lacksauthenticity,trustworthiness,andcompetency.Historyof
invalidinformation.F Can’tBeJudged Insufficientinformationtoevaluatereliability.Mayormaynotbe
reliable.
Information
Rating Description1 Confirmed Logical,consistentwithotherrelevantinformation,confirmedby
independentsources.2 ProbablyTrue Logical,consistentwithotherrelevantinformation,notconfirmed
byindependentsources.3 PossiblyTrue Reasonablylogical,agreeswithsomerelevantinformation,not
confirmed.4 DoubtfullyTrue Notlogicalbutpossible,nootherinformationonthesubject,not
confirmed.5 Improbable Notlogical,contradictedbyotherrelevantinformation.6 Can’tBeJudged Thevalidityoftheinformationcannotbedetermined.
LookingGlass STRATISS: Proprietary |
15
ihttps://www.independent.co.uk/news/business/these-will-be-the-32-most-powerful-economies-in-the-world-by-2050-a7587401.htmliihttp://www.au.af.mil/au/afri/aspj/apjinternational/apj-s/2016/2016-4/2016_4_05_lavinder_s_eng.pdfiiihttp://cybersafett.com/news/111-cybersecurity-report-2016ivhttps://www.threatmetrix.com/wp-content/uploads/2018/05/q1-2018-cybercrime-report-1526659517.pdfvhttp://www.nearshoreamericas.com/latin-america-cyber-security-cyber-attacks/vihttps://cloudblogs.microsoft.com/microsoftsecure/2017/07/06/latin-america-is-stepping-up-to-the-plate-in-cybersecurity-policy/viihttp://innovationatwork.ieee.org/latin-america-is-under-cyber-attack/viiihttps://publications.iadb.org/handle/11319/7449ixhttps://www.forbes.com/sites/forbesagencycouncil/2018/07/31/five-measures-latin-america-must-take-to-get-up-to-snuff-on-cybersecurity/#e11b15d62eeaxIbid.xihttp://statisticstimes.com/economy/projected-world-gdp-ranking.phpxiihttps://en.wikipedia.org/wiki/List_of_Latin_American_and_Caribbean_countries_by_GDP_(nominal)xiiihttps://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdfxivhttps://www.echoworx.com/how-bad-is-bad-mexicos-threat-landscape/xvhttps://www.nearshoreamericas.com/cybercrime-spending-mexico/xvihttps://www.wilsoncenter.org/sites/default/files/quo_vadis_mexicos_cybersecurity_strategy.pdfxviihttps://www.bloomberg.com/news/articles/2018-05-29/mexico-foiled-a-110-million-bank-heist-then-kept-it-a-secretxviiihttps://www.nearshoreamericas.com/hundreds-mexican-firms-hit-cyber-attack/xixhttps://www.nytimes.com/2017/06/21/world/americas/mexico-pena-nieto-spying-hacking-surveillance.htmlxxhttp://www.homelandsecuritynewswire.com/dr20180629-fears-of-russian-cyberattacks-ahead-of-mexico-s-sunday-electionsxxihttps://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdfxxiihttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxxiiihttps://www.lookingglasscyber.com/blog/the-global-cyber-crime-underground-latin-america-and-brazil/xxivhttp://www.elfinanciero.com.mx/tech/cibercrimen-cuesta-a-mexico-mil-mdd-al-ano.htmlxxvhttp://www.bnamericas.com/en/news/technology/mexico-lost-us55bn-to-cyber-crime-in-2015xxvihttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxxviihttps://threatpost.com/dark-tequila-a-distilled-threat-for-mexican-targets/136739/xxviiihttps://www.cyberscoop.com/north-korea-swift-hacks-bancomext-bank-of-chile/xxixhttps://www.cnbc.com/2018/01/17/north-korea-hackers-linked-to-cryptocurrency-cyberattack-on-south-korea.htmlxxxhttps://toshitimes.com/irans-revenge-of-sanctions-through-bitcoin-stealing-ransomware/xxxihttps://splinternews.com/mexican-hacktivists-riseup-1793844198xxxiihttps://www.scmagazineuk.com/ddos-attack-aimed-mexican-opposition-presidential-candidate-website-during-debate/article/1486722xxxiiihttps://freedomhouse.org/report/freedom-net/2016/mexicoxxxivhttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxxxvhttp://www.trendmicro.de/media/wp/latin-american-and-caribbean-cybersecurity-trends-and-government-responses-whitepaper-en.pdfxxxvihttps://worldview.stratfor.com/article/dispatch-anonymous-online-tactics-against-mexican-cartels#axzz3FlCjRPAOxxxviihttps://www.export.gov/article?id=Mexico-Safety-and-Security
LookingGlass STRATISS: Proprietary |
16
xxxviiihttps://www.edgarvasquez.com/cyber-crime-and-data-protection-in-mexico-part-i/xxxixhttps://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/2015-09-09-cyber-mexico-whitepaper-WEB.pdfxlhttps://www.welivesecurity.com/2018/05/24/mexico-cybercriminals-steal-400-million/xlihttps://www.bankinfosecurity.com/mexico-investigates-suspected-cyberattacks-against-banks-a-11008xliihttps://www.digianalysys.com/itu-global-cyber-security-index-2017/xliiihttps://www.wilsoncenter.org/sites/default/files/quo_vadis_mexicos_cybersecurity_strategy.pdfxlivIbid.xlvhttps://portswigger.net/daily-swig/mexico-launches-national-cyber-security-strategyxlvihttps://iclg.com/practice-areas/cybersecurity-laws-and-regulations/mexicoxlviiIbid.xlviiihttps://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdfxlixhttps://www.insightcrime.org/news/brief/mexico-struggling-with-widespread-cyber-theft/