Although Latin American countries have made major strides toward cybersecurity maturity, sluggish progress and an aggressive cybercrime ecosystem present challenges ahead for the region.
Intel 471 this week published a report detailing Latin America’s cyber threat landscape, synthesizing data collected during 2025. Broadly speaking, the report references increasing security maturity for the region — citing a December 2025 report from the Organization of American States (OAS) attesting to this — while observing an increasingly hostile threat landscape.
For example, Intel 471 reported more than 450 ransomware breach events in the region last year, marking a 78% increase over 2024. Furthermore, researchers tracked more than 200 initial access brokers targeting Latin American entities, multiple advanced persistent APT clusters around the world, and at least 119 hacktivist groups in 15 countries across the region.
The OAS report cited increasingly complex digital threats in the region, as well as a wide variance in security posture that’s echoed in Intel 471’s findings. Member states vary in areas such as software assurance, critical infrastructure protection, and cyber insurance adoption.
“Despite growing awareness of cyber risk, structural challenges persist across the region, including limited cross-sector collaboration, shortages of skilled cybersecurity professionals, and inconsistent budget allocation,” the report read. “These constraints continue to impede the development of sustainable cybersecurity maturity. As governments and critical sectors further integrate digital services and infrastructure, cybersecurity has transitioned from a technical concern to a strategic priority for Latin America.”
Latin America’s Intensifying Threat Landscape
Although the threat landscape is always heating up in one way or another, Intel 471 said Latin America “has recorded the fastest global growth in disclosed cyber incidents, with reported activity increasing at an average annual rate of about 25% over the past decade.” The first quarter of 2025 alone saw a 108% year-over-year increase.
Latin American organizations face 2,640 cyberattacks per week, on average, compared to the global average of 1,955. “This escalation is largely attributed to rapid digitalization, persistent security gaps in cloud environments, and the increasing use of artificial intelligence (AI) to scale, automate, and enhance cyberattacks,” the report read.
The region saw some particularly devastating cyberattacks. In June, Brazil financial technology provider C&M Software was compromised in an attack originating from insider access credentials. Exploitation of its systems resulted in the diversion of 800 million Brazilian reals (approximately $148 million) from eight financial institutions. The DragonForce ransomware group claimed another attack against C&M later in the year. This was reportedly the largest ever cyberattack against Brazil’s financial system.
Also in June, the Brigada Cyber PMC data extortion threat group “claimed to have stolen more than 7 million records containing personally identifiable information (PII) of Paraguayan citizens from three Paraguayan government systems.” Attackers demanded a ransom of approximately $7.4 million, which researchers observed was $1 for each of the country’s citizens.
Brazil was the most targeted country in multiple categories highlighted in Intel 471’s report, which makes sense, as it is, by far, the most populated country in Latin America. Brazilian entities accounted for 30% of ransomware and extortion attacks tracked in the report, followed by Mexico at 14% and Argentina at 13%. The most targeted sectors were consumer and industrial products; followed by energy, natural resources, and agriculture; and professional services and consulting.
Broadly speaking, social engineering primarily enabled financial fraud in the region last year, with email and SMS phishing the most common mechanisms. Fraudulent call centers were also widespread, “redirecting victims to resolve fabricated e-commerce transactions, payment disputes, or alleged delivery issues.” Instant messaging platforms like WhatsApp were also commonly used to impersonate financial institutions, logistics firms, and contacts.
An Uncertain Cyber Future for Latin American Member States
Intel 471 summarized its report by saying the territory’s rapid digitalization outpaces its security maturity. “As a result, the region has evolved into not only a high-value target, but increasingly also a central hub for cybercriminal activity, with reported incident volumes and attack frequencies exceeding global averages across multiple open source datasets,” researchers said.
Moreover, as a hub for cybercrime, attackers have begun to scale schemes tailored for local organizations and reuse them against North America and Europe. This reflects increasing maturity for its cybercriminal ecosystem, Intel 471 said, and limited disruption efforts mean there are banking Trojans that have been operational for more than a decade.
In the short term, the researchers’ broad assessment was not optimistic.
“Looking ahead, we assess that meaningful risk reduction is unlikely in the near term,” Intel 471 said. “The development, harmonization, and enforcement of national cybersecurity policies and legislation remain slow-moving processes, while cybercriminal innovation continues at a faster pace — especially in the era of AI,” the researchers wrote. “Absent significant improvements in regulatory enforcement, public-private cooperation and regional information sharing, Latin America is likely to remain both a primary operating environment and an export hub for financially motivated cybercrime over the coming years.”
