F5 Labs, in collaboration with Effluxio, researches global attack traffic to gain a better understanding of the cyberthreat landscape. In this installment of regional threat analysis, F5 Labs researchers break down the data collected by our sensors on attacks targeting Latin America from January 1 through March 31, 2021. Cyberattacks happen in many forms, but they usually start with a scan. This report presents an analysis of network logs and does not necessarily indicate malicious intent from a source country or organization. We last looked at cyberattacks targeting Latin America in our Regional Threat Perspectives, Fall 2019: Latin America.

Highlights

  • The United States was the top source country for cyberattacks against Latin America.
  • Port 5900, commonly used by VNC for remote desktop sharing and control, was scanned the most.
  • Internet hosting provider Serverius Holding B.V. (AS50673) led the attack chart with over 47 million requests.
  • Attacks on PHP and WordPress were the most commonly seen, but many other vulnerabilities were also detected.

Attack Traffic Details

Analysis of the traffic yielded significant insights into where the traffic originated and which services malicious actors wanted to abuse. This section covers the top categories, including traffic source countries, organizations, services, and IP addresses.

Top Source Traffic Countries

Based on the geographical sources of the IP addresses, malicious requests came from the following countries, in order: the United States, Lithuania, China, Russia, Germany, France, Brazil, the Netherlands, Argentina, and the UK (see Figure 1).