Kaspersky, the international company of Russian origin dedicated to cybersecurity, announced in early July the appointment of Fabio Assolini as the new director of the Research and Analysis team for Latin America.
Assolini says that he became interested in cybersecurity in 2006, when his wife’s computer was infected by a Trojan virus through the MSN messaging program.
His research into malware to combat this virus led him to join Kaspersky’s global research and analysis team in 2009, where he was tasked with analyzing trends in viruses, cyberattacks, Trojans and other types of hoaxes originating in Brazil and the rest of the region.
After his appointment, in an exclusive interview for Expansión, Assolini spoke about the fraud trends he identifies in the region:
Currently, one of the concerns among Mexican users is the threats they may receive through applications. Regarding this issue, the Kaspersky executive mentions that there are two main threats:
“The first and most common is the threat to privacy.” If the app is free, it’s because it’s taking data from your phone. “There are free applications that are very invasive; they take a lot of personal data and it is the cost that people are paying.”
On the other hand, the second important problem in Latin America is financial dangers. “After the pandemic, the use of smartphones to access online banking and make online purchases increased a lot. Our entire financial life is on the phones,” he mentions.
This arouses the interest of criminals who write malicious code. According to data, there are 70 million internet banking users in Mexico, and between 2010 and 2021 the people who made online transfers moved a total value of 87.69 billion pesos.
“Today we have a lot of attacks directed at victims, and the challenge is to prevent fraud, account theft, credit card capture, password capture to access the investment and cryptocurrency app.”
How to avoid cloud fraud
“The cloud today is a source of data for criminals,” mentions Assolini. Cloud adoption has become increasingly relevant for companies, as it offers services such as data storage, security, software applications and business intelligence through subscriptions to clouds such as those of SAP, Oracle and Amazon Cloud, among many others.
According to a statement from the consulting firm Gartner, it is expected that, by 2023, the spending of end users worldwide on public cloud services will reach almost 600,000 million dollars.
“Cloud services are very popular today because they are a way to lower the costs that the company has to maintain online services (…) but these are the providers. The one who must take care of the security of this data is the one who contracts the service,” Assolini mentions.
According to him, taking care of cloud data is a shared responsibility that many companies do not assume; as a result, they become victims of cloud fraud or suffer data hijacking.
Business Fraud Trends
One of the trends that Assolini has identified is the increase in fraud using mobile devices, since online banking is found there and e-commerce has grown rapidly since the pandemic. “It was an evolution that was expected to take place in 10 years, but it happened in two. Today criminals, when developing a new fraud, start with mobile platforms.”
The other trend is that, in order to complete the fraud, criminals need to bypass authentication systems, and the best authentication system today is biometrics: for example, when a banking app asks the user to take a photo or record a short video for facial recognition before granting access.
“Today, the trend is for criminals to use Artificial Intelligence to circumvent these biometric authentications based only on a photo. They take a photo of the user, put it into the program that does all the AI work to create movement, and can use it to commit fraud. Sooner or later this will be more popular and there are frauds that companies have to worry about.”
Lastly, ransomware attacks, which involve data hijacking, have become more targeted at businesses. “They do the initial invasion, determine the size of the company, and analyze sensitive documents to see if the attacked company can pay a ransom.”