In this new episode of Redefining CyberSecurity, Kate Esprit, alongside hosts Marco Ciappelli and Sean Martin, delves into the complexities of the cybersecurity landscape in Latin America, exploring underreported threats, cultural impacts, and the region's unique cyber challenges. They provide a comprehensive analysis of why Latin America's cyber adversaries remain overlooked in global discussions and share insightful predictions on future cyber trends.
Guests:
Kate Esprit, Senior Cyber Threat Intelligence Analyst, MITRE [@MITREcorp]
On LinkedIn | https://www.linkedin.com/in/kate-e-2b262695/
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes
In this new episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Kate Esprit and co-founder Marco Ciappelli to explore the nuanced cybersecurity landscape of Latin America. Esprit, with a rich background in Latin American geopolitical affairs and cybersecurity, provides invaluable insights into the evolving threat environment, emphasizing the region's often underreported cyber adversaries.
The discussion highlights Latin America's complex cyber landscape, marked by financial-motivated cybercriminals who, until recently, predominantly targeted local victims. Esprit points out the distinction between these cybercriminals and state-sponsored actors, shedding light on the operational and financial constraints that shape their activities. The conversation also explores the impact of language and cultural factors on cyber operations, including how attribution challenges complicate the response to cyber threats.
Esprit's extensive experience offers a comprehensive overview of the spectrum of cyber threats in Latin America, from traditional malware to sophisticated ransomware attacks targeting the financial sector and government agencies. She underscores the significant yet often overlooked role of technology, including the deployment of 5G infrastructure and its implications for regional cybersecurity.
Delving into the dynamics of cybercrime, the episode covers the intersection of cyber and traditional criminal activities, exemplified by cartels expanding into cyber avenues. This segment illuminates the blending of digital and conventional crime landscapes, highlighting the adaptability and resilience of criminal enterprises in the digital age.
The discussion also touches on broader societal and political issues, such as election interference and information manipulation, demonstrating cybersecurity's far-reaching implications. By examining the varying cyber maturity levels across Latin America, Esprit points to the critical need for improved cyber defense mechanisms and the role of international collaboration in bolstering regional cybersecurity capabilities.
In sum, this episode provides an insightful exploration of Latin America's cybersecurity challenges and opportunities, highlighting the importance of regional focus in understanding and combating cyber threats. Through Esprit's expert lens, listeners gain a comprehensive understanding of the unique cyber landscape of Latin America and the pivotal role of technology and policy in shaping its future.
EDITORIAL NOTE: During the discussion about the 2022 Conti ransomware attack targeting Costa Rica, it was stated that the attack occurred shortly after [President] Santos took office. We would like to make the correction to [President] Chaves.
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
2023 in Review: Notable Cyber Trends in Latin America: https://www.phishingforanswers.com/blog/2023-cyber-trends-latin-america
Operation King Tut - The Universe of Threats in LATAM: https://www.virusbulletin.com/uploads/pdf/conference/vb2023/papers/Looking-into-TUTs-tomb-the-universe-of-threats-in-LATAM.pdf
Blind Eagle's North American Journey: https://www.esentire.com/blog/blind-eagles-north-american-journey
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Beyond Borders: Uncovering Cyber Challenges and Innovations in Latin America | A Conversation with Kate Esprit and Marco Ciappelli | Redefining CyberSecurity with Sean Martin
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] Hola Marco.
Marco Ciappelli: Hola.
Sean Martin: Ah, I don't know how to say it in Spanish. There was a quick, uh, return to English. I lost you there already. Jeez Louise. If you asked me how I was, I could have said something. No, I don't know. Anyway,
Marco Ciappelli: that's too easy.
Sean Martin: That's too easy. Well, I have a bad start for a conversation.
Marco Ciappelli: No, no, no, it's good because I have a question for you.
Why am I here? I have no idea. You invited me like five minutes ago. You said you have a podcast. I said no, I don't. No, no, you're coming.
Sean Martin: Thanks to, thanks to technology. Maybe, maybe we can blame technology. This has been a fun time getting scheduled. And you, you've been added, but somehow it didn't end up on your calendar.
So, you've been invited. You just didn't know for some reason, but I really want you here. Cause I'm thrilled to have Kate Esprit on again. Of course, Kate's been on with us before. Kate, thank you so much for joining us again.
Kate Esprit: Hi, Sean. Hi, Margo. [00:01:00] Thank you so much for having me. It's a true pleasure to be back.
I really appreciate it.
Marco Ciappelli: Yeah,
Sean Martin: super fun. And this is a topic. And as you pointed out, Kate, it's something we've not discussed nor addressed. Uh, In quite a while, at least a year. I know, I know we looked at some of this stuff maybe a couple years back, but the, the, the state of cyber security in Latin America, right?
Um, do they get enough attention or not? Are they targets or not? We're going to talk about all that kind of stuff. What's the culture like? Government, business, society, and how does, how does that culture impact their ability to respond? Thank you. Stay safe as citizens and, and, and, uh, companies. Right. So we're going to, we're going to get into all that fun stuff and, uh, Marco, that's why you're on, cause you have political science and philosophy and, uh, I'll probably take it more into the, [00:02:00] the technical threat actor stuff.
And Kate sits in the middle of covering both, which is amazing. That's incredible. Um, so a little bit more about you, Kate. I know folks who. Hopefully you've seen the episodes you've been on. They know a little bit, but, uh, what have you been up to lately?
Kate Esprit: Well, um, yeah, thank you again for having me and allowing me to come on and discuss with you both this topic.
I'm really, really passionate about bringing more awareness to the, not only the threat landscape in Latin America, but to the world. garnering conversation around what we would call under monitored or under reported regions. So that includes Africa, parts of Asia. Um, and it's just an exciting opportunity for me.
So thank you. Um, my background, my career kind of started, um, I lived in Argentina and decided Okay, I want a job where I can speak Spanish. That was like my sole [00:03:00] criteria. And so I kind of started to work in Latin American political and like geopolitical affairs. Um, did some kind of like private sector intelligence work.
Um, I at one point was working at a law firm working with, um, kind of immigrants from Central America who had been victims of violence. So I, I kind of, Had the opportunity to really study and get to know the region. Um, and kind of just the, the layers that go along with understanding Latin America as, as a culture, as, as a history, as a people, um, and it's my passion.
And I think transitioning into the cyber work, you know, I assumed that I would have to kind of leave my work in Latin America behind. I think you just pull up any threat report. It's usually talking about Russia, China, Iran, DPRK. [00:04:00] Um, although that is changing a little bit now, I think. But, um, I actually found people were really interested in cyber criminals in Latin America.
So I found that, um, it was a great way to kind of merge both of my interests. So that's a little bit about me.
Marco Ciappelli: Well, that's really cool. You didn't tell me before about Argentina. I've been in Paraguay a few times. So, Close by, but I never made it to Buenos Aires, which is always a place that I wanted to visit.
Kate Esprit: Oh,
Marco Ciappelli: that's a conversation for another podcast. I'll have you all on another one.
Kate Esprit: Please. Yeah.
Marco Ciappelli: You know, I'm going to get going with this, with the first Question that probably people listening right now will wonder, which is why I mean, don't we already assume that cyber security technology, everybody's connected?
Sure. Few country less than others. It's not the same everywhere. But why we don't talk about that.
Oh, Marco, [00:05:00] I love that question. Um, I think it's so I think not a lot of people are asking that question. Um, I, The way that I think about it is from two different perspectives, right? There's the security researcher perspective, which is like the threat Intel analyst, you know, um, when it comes to Latin America, many adversaries are truly cyber criminal in nature.
They're financially motivated, they're opportunistic. So they're not really aligned with state or government objectives. And because of that, they have less comparatively less resourced. Right. So they operate on a smaller scale. Um, they're very specific in their targeting. They tend to only focus on victims in the region.
not really outside of LATAM, although I do think that's changing. And there's been some interesting examples. Um, attribution is really tricky as well when it comes to adversaries from the region, given the common, [00:06:00] um, you know, given the common language of Spanish, given the fact that they utilize open source malware, um, you know, what's available in open source rather than something that's custom.
Um, so I think those three things kind of lead security researchers to, um, prioritize other adversaries that are doing more new and novel and sophisticated techniques. Um, that's the first perspective from the, from the second perspective is the perspective of the industry, right? And when I say industry, I'm talking mainly kind of commercial threat reporting, right?
Like who is writing the reports and the intelligence that, right. People are consuming about the threat landscape all over the world. And I think, I think the industry right now tends to focus on either campaigns orchestrated by large, um, [00:07:00] nation state sponsored groups, or groups that are doing very novel, very stealthy techniques and are touching across the globe in terms of their targeting.
Um, so I think there's little market of market incentive for, These commercial vendors to report on what's happening in Latin America or other underreported regions, like what's happening in Africa, um, because they're less high visibility, if that makes sense. So that's kind of my, again, this is Kate's opinion, but that's the way that I see it right now.
Sean Martin: So let me ask you this. I mean, I, I embarrassed the heck outta myself at the very beginning 'cause I wasn't able to carry on a conversation beyond one your own law was very convincing. Beyond, beyond one word. Um, so I'm gonna, I'm gonna latch onto that because how important is the language? 'cause we, you talked about some of the other countries clearly.
There's no, for most of the [00:08:00] criminals that are, that are succeeding, there's no barrier for them to break out of their native language and into English. Um, but kind of the reverse break, breaking out of English or one of the other languages into Portuguese or Spanish or something else that shouldn't be difficult regardless if I can't do it, it should be difficult for most people.
Um, does that, is that a hindrance or does that, what about the language? Makes or changes the landscape because you mentioned them only really focusing on Latin American countries in terms of targets and reporting kind of stays, I presume, language based as well. And then they kind of get left out because it rooted in the language.
I don't know how important is the language is part of what you're looking at.
Kate Esprit: That's a really interesting question. I think, um, like I said before, when it comes to attributions, you know, attributing specific activities to a specific [00:09:00] group, I think the fact that most of these groups speak Portuguese or Spanish makes it difficult, right?
Of course, there's dialect differences between countries. Argentine Spanish has a different sound, different words than Colombian Spanish, for instance. But it is still the same language, so I think if I'm a security researcher hunting through artifacts after a campaign, And I'm seeing just, you know, artifacts in the Spanish language.
I just see that it's Spanish. I don't necessarily have enough to base my decision on, Oh, okay. It's probably this threat actor. So I think from an attribution standpoint, that would be my assessment. Um, from a, from the perspective of the threat actors themselves, I think it's more of a stick to what, you know, rather than.
Um, Oh, we might not speak other [00:10:00] languages, so we don't want to go and target other, you know, victims located elsewhere. Um, I think it's more about, you know, we have incredible access to the region. You know, some of the countries in Latin America are major, major economies with major access to financial resources.
Um, so it's kind of like, why wouldn't I just target, um,
Sean Martin: plenty, plenty of opportunity already.
Kate Esprit: Yeah. It's like, you almost have to think about it in the, through the lens of like, I'm going after the money. I want to get in there and get out and, you know, very little else is going on with my operations. Now, I do want to point out something interesting that's happening that we're starting to see happen is we're starting to see some of these groups that are, that have historically targeted other victims in Latin America, starting to expand their operations overseas.
We've seen this with, um, Brazilian developers of malware. They're [00:11:00] starting to sell their tools to overseas operators in Europe. We have, um, local criminal groups in Latin America selling initial access to ransomware operators overseas. Um, we even have foreign adversaries. starting to, you know, who haven't really targeted the region ever before are starting to, um, you know, launch espionage campaigns in Latin America.
So I do think the landscape is shifting a bit in that sense.
Marco Ciappelli: Hmm. Interesting.
Sean Martin: So many questions. Yeah, I know.
Marco Ciappelli: So I, I may, I'll ask you to, well, no, I'm not going to ask you a question. I'm going to ask you one question. So Latin America is pretty big. Right? So there may be a lot of resources there already.
But let, let's touch on, are there certain country in South [00:12:00] Latin America that are more or less active and how do they differentiate one from another? You mentioned Brazil, Colombia, Venezuela, Brazil, Argentina, um, any more active, less active or that you can easily say, yep, that's coming from place.
Kate Esprit: That's a really, that's a great question too.
Man, you guys are asking amazing questions. Um, It is important to keep in mind the distinctions between different countries, right? Because, um, I think that's one of the reasons that Latin America is so unique as a threat landscape is because what's happening in Mexico does not necessarily reflect what's happening in El Salvador from a cybersecurity perspective, from an economic perspective, from a political perspective.
Um, Major countries that I tend to focus on, so I'll put my, you know, just keep in mind that sometimes I focus on certain countries more than others, Mexico for sure. Mexico is a major economy [00:13:00] and has a huge financial sector. And because of that, they're hugely targeted for ransomware. Um, there are threat actors that only target Mexico.
Um, Argentina is another one. Argentina has a very interesting, it's a very interesting country in the way that it's become a, a. Almost hotbed for zero day developers, um, and hackers. Argentina has a very, very, very vast underground hacking community. Um, and part of that is because of political and economic reasons, which That's might be a conversation for another podcast.
Um, Brazil, as you mentioned, yes, Brazil is the number one. Um, I think it has the most number of detections for banking Trojan malware in the world, eight out of 13 [00:14:00] banking Trojan families that are active today come from Brazil. So it's very unique in that sense. So you're absolutely right. Every single country has.
Um, a little bit of of a different threat environment that being said, I, I still think that there are issues that unify the countries together. Um, and that, you know, certain threats like ransomware, um, are kind of faced by by them all.
Marco Ciappelli: And sorry, Sean, one quick follow up. Is it connected to the The technological development of the country itself, like more modern economy versus little more agricultural.
Kate Esprit: Yes, I would say for sure. Um, it's tied to, I would say the size of the economy. Of the national economy, a. k. a. does the country have those crown jewels that [00:15:00] adversaries go after? Um, I think the other interesting lens that I don't think is necessarily discussed from the perspective of an adversary is the government of the nation, right?
Like Venezuela is the number one purchaser of of Chinese military hardware in the region. Um, and I think that's like an interesting fact, because there's been more Chinese investment in infrastructure in the country. Um, and so, you know, one has to wonder, given the foreign influence, are they, you know, Venezuela has their own, like, kind of domestic adversary cyber capabilities as well.
That they're launching offensively. Um, how does foreign influence and kind of the position of national governments influence, um, the cyber capabilities and the defense capabilities of each [00:16:00] country.
Sean Martin: So I want to, I mean, I, uh, my natural inclination is go down to the technology. I thought that's where Mark was going to go when he talked about technology, technological advancement.
I was like, you stole my question, but I'm going to go kind of back to the, the, the government end here. Cause if we look at. The United States government may not be functioning, but the goal is to, across, across the states, we have some guidance at a federal level, some frameworks and rules and laws and regulations to help steer us in the right direction.
Maybe not as fast as many would like, or maybe too, too aggressive in some areas. We can look at Europe, the European Union, they all have a similar thing where there's There's an entity guiding multiple states through some of these things. Is there an equivalent in Latin America, South America?
Kate Esprit: Hmm. [00:17:00]
Sean Martin: Or is that East Country kind of left to their own devices to deal with it on your own?
And is that a bad thing? I don't know.
Kate Esprit: Right. Um, so Organization of the American States, OAS, is a multilateral organization that Is that part of the reason, you know, part of their reason for their work in Latin America is ensuring that each country develops or creates, develops and implements a national cybersecurity strategy.
Um, not every country in the region has, has done that yet, but that is the effort of, of a organization like OAS. to help countries at least develop that kind of baseline level of cyber governance. Um, so just wanted to acknowledge that because they're a fantastic organization. Um, this is not sponsored, but there are some very interesting multilateral efforts.
[00:18:00] to kind of bolster cyber defense in the region as a whole. Um, we've seen other examples like the counter ransomware initiative, um, which was, I believe it's the international counter ransomware initiative, but the White House put out a press briefing last year with 50 member countries. Five of those countries are based in LATAM.
Um, so I think there is growing enthusiasm on the part of Latin American countries for multilateral efforts like that. Um, however, the individual kind of national governance abilities does hinge on the individual country and their governments, um, and the amount of resources that they have, to be quite honest with you.
Um, Costa Rica is an interesting example because You know, they got hit with that Conti ransomware attack at the end [00:19:00] of 2022. It was huge. It was big enough that it made international headlines. And that jumpstart, I think it was like a week after Santos took office. Um, but that kind of jumpstarted the whole country's focus on cyber defense and cyber capabilities.
So now the government, um, is investing heavily in it. Again, strengthening their cybersecurity framework, implementing the laws that they need to implement. Thinking about workforce development, right? Like how do we build up our, our pool of cyber talent and get them to, you know, um, kind of work for both private and public sector.
Um, so that was a longer answer to your question.
Sean Martin: Not the other sector, the third sector in this equation. I guess the consumer is the fourth sector. But anyway, uh, Marco, [00:20:00] you,
I mean, I can keep
going.
Marco Ciappelli: I have a parallel that I'm curious about, which is the organized crime, right? And, and how it's hard for, to, to believe that they don't see an opportunity here, of course.
And as they organize crime, there is a lot of money to be made by Using cybercrime. Is there a connection with that? Like, I'm thinking drug cartel. I'm thinking a lot of other reality out there. So are there a group that can be associated with existing cybercrime? I mean, existing crime cartel over there, anyway?
Kate Esprit: So, we have seen some examples of kind of traditionally criminal groups, traditional in the sense of non cyber, like non digital, um, [00:21:00] kind of starting to veer into the realm of cybercrime. The Sinaloa Cartel is an example. They operate out of Mexico. They're one of the biggest drug cartels, um, in the region, let alone Mexico.
And they have started to do some interesting things on the dark web, um, such as selling data. Um, they're starting to, um, kind of put up, they're starting to sell different things on the dark web. Their OPSEC is, improved remarkably. Um, so I think there's kind of examples like that. The, there is still a very clear distinction as, as it stands right now between those traditional criminal groups and the cyber adversaries.
It is possible sometimes they work in tandem, but it, it still seems like people are staying in their lane because what Sinaloa cartel doesn't, they're not [00:22:00] necessarily. In need of funding because they are still trafficking drugs. They are still. Kidnapping victim for ransom. You know, there are, there are still very connected to, um, local officials.
So I think there are streams of revenue. It always comes back to the money, at least in Latin America. Um, when we talk about the crime landscape in general, I think what the Sinaloa cartel is doing right now is working. So they're not necessarily incentivized to build out resources elsewhere. If that makes sense.
Sean Martin: This may seem like an odd question, but I'm going to put it out there anyway. Because they make so much money, are they, are they also a target? And do you have any insight into how they might leverage commercial, commercial products and tools and whatnot to protect themselves from cybercriminals? I don't know.
Any, any thoughts on that?
Kate Esprit: [00:23:00] That's an interesting question that I'm not sure a lot of people are looking into. I actually don't have an answer for you. I don't know. It could be happening. That would be brilliant, but very risky as well, right? If you get caught extorting or robbing or hacking, um, some of these very big high profile groups, you have, you kind of have a target on your back now.
So, um, that's interesting. I think what is more likely to happen is eventually the groups start working in tandem. We see that a lot with Latin American adversaries. We see that with. kind of, um, cyber gangs operating in Brazil, it's like, okay, well, we might as well work together because we have the same objective.
So why don't we just pull our resources together and our capabilities together and have a bigger impact? Um, that would be my assessment.
Sean Martin: Cause I was envisioning the other where [00:24:00] they're competing. So if I can, if I can delay deliveries using technology, if I can disrupt, right. Or use misinformation to, uh, to take the competitor out of the game.
Kate Esprit: Well, I will say, recently, um, there's been a string of kind of mass arrests in Brazil, they're trying to really crack down on the, the cybercriminal gangs that are operating Brazilian malware, um, like banking trojans. And so I wonder if, you know, are there other groups out there that are feeding the authorities information in order to, you know, lead to the warrants and the arrest, kind of eliminate the competition, but I don't know.
I can't prove that.
Marco Ciappelli: It's interesting. And apart from the good idea for a movie. Um, Sean just gave us, um,
Sean Martin: I'm writing [00:25:00] the script, isn't he's writing the script for me. Patent it.
Marco Ciappelli: No one can steal it. It's already going. I think it was a thinking right now. Well, you said at the beginning that there is really no interest for other country to get into what's going on there because, you know, if it's not affecting us, why would I?
Why would I care? But while that may work for certain kind of local criminal practices, you also said that the Brazilian banking Trojan are sold all over the world. So I think that should spark the interest of the, the international community to, to go ahead and do something about that. As we know, there is no boundaries in, um, on the internet.
So totally what's going on as or what do you think it will going on happening in either, you know, this year and the next year [00:26:00] coming up as they expand, would they call the attention of the international community?
Kate Esprit: Yeah, I think short answer. Yes, I do. Um, again, I, I spoke about at the beginning about why the region is under reported, but I do want to put some I do think that's starting to change.
I think. We're in a position right now in the interconnectivity of our world where we cannot simply focus on one territory versus another because the nature of our networks do not know those boundaries, right? Um, and I think you mentioned kind of Brazilian malware is starting to spread overseas. I think that also goes with, um, other adversaries in the region.
For instance, Blind Eagle. They just hit North America for the first documented time ever. Um, I think it was last month or this month. [00:27:00] And that's really significant, right? So I do think that these adversaries are starting to grow and become more bold. Um, in terms of what's to come in the threat landscape, Um, I would be very curious if I think, I think a couple of things.
I think I would be very curious to see if the rate of cryptocurrency attacks rises in the region. Um, Central America and the Caribbean are one of the biggest adopters of cryptocurrency. And I think, you know, that I think it was El Salvador that just declared it a national current Bitcoin, a national currency.
So I wonder if that just, That increase in attack surfaces would kind of, um, lead to more crypto based attacks in the region. Um, I think that there [00:28:00] is a, we'll start to see continued increasing and targeting by foreign adversaries against the region. Um, again, foreign influence in the region is really growing.
There has been very interesting kind of, technology and defense and economic trade agreements between countries like Russia and Iran with countries in Latin America. Um, adversaries from the region are again, starting to kind of expand, but they're also transitioning from this more general, Oh, let's see who we hit to more kind of a more narrowed focus, right?
They're starting to focus more on high. It's on specific high profile victims, um, such as governments and corporations. If you're hitting a corporation, like chances are you can hit a bunch of different countries outside of the region as well. So
Sean Martin: I now want to dig into kind of the [00:29:00] technology because I don't want to sound naive, but organizations in Latin America, how advanced are they in terms of adopting new technologies or, or you find that, that they either are limited because of. The way they operate or because of trade regulations that they're, that the subset of technologies is smaller than perhaps organizations in the U S or Europe.
So I don't, I don't know, this might be a naive question, but cause I'm thinking about there's the target, the organization, but then there's the target, the system. And if, and if the system is consistent more so than in other regions, you have a broader or sorry, more focused view on what's possible. where the weaknesses are.
You don't have to hunt all over the place. Um, so from an adversary perspective, the, the footprint is more focused and you can target the [00:30:00] things that you, that you know will work and not have to hunt around and do a lot of recon to find those things. So I don't know any thoughts on that in terms of the, the exposure an organization has based on the technologies they have available to them.
Better or worse than other regions?
Kate Esprit: Ooh, I think, I think it's similar to be honest. I think again, it's so country by country focused. You have countries like El Salvador, Brazil, Argentina that are, that are drastically kind of implementing 5g infrastructure in a really real way. And so I think in that sense, These are examples of countries that are technologically maturing.
Um, and then you have other countries that are still running legacy Windows OS systems within their government agencies. Right. Um, and I [00:31:00] think, I think it's about access to resources and the economic status of the country, but I also think it's about. Still needing to almost reframe mentalities in terms of what is so what is the most important thing for a nation's defense and the problem with cyber and boosting cyber capabilities and getting access to better technology.
One, it costs money, but two, I think it's such a domino effect, right? It's like, okay, well, we need to, we are still running Windows 7. Okay, we need a update. That would involve getting Windows 10 or 11 machines, right? Um, let's say we do that. Okay, now we need to implement firewalls. We need to implement things like IDS, IPS.
We need to implement things to protect those systems. And so, it becomes not just a matter of [00:32:00] resources and hardware, but it becomes a matter of, you know, Who, who do we have that knows how to implement this? There is a huge, huge educational, um, gap, I think. Um, in terms of level of expertise. And I think that's what makes the problems of Latin America very similar to the rest of the world, right?
It, we have that in the U S we have the talent gap that everyone loves to talk about, um, how do we educate our, our younger, younger generations and get them. You know, in a place where they can help support this because this issue is not going away and we're behind and etc, etc. So that's kind of my assessment.
It's a difficult one.
Marco Ciappelli: Okay, let's talk about the talent gap. No, I'm kidding. I don't want to talk about that.
Sean Martin: You're already exposed by gap.
Marco Ciappelli: No, what I want to talk about is this. So, um, We have talked about technology, cyber attack, [00:33:00] defense, maybe data breach, black, I mean, um, the underground market and many other things, but we haven't touched on the manipulation of information and also interference in, in election, which we know may get a little complicated in many countries down in South America and Latin American in general.
People might not have the latest, uh, computer, desktop, with the latest operating system, but almost everybody, I think, they have a mobile phone, a smartphone. And so, maybe they don't run many things there from a business perspective, but they do run their life. They're on Facebook, they're on TikTok, they're on Instagram.
And so, do you know anything about the other threats for Cyber, which is [00:34:00] interference in election, politics, manipulation of fake news and all of that.
Kate Esprit: Yeah, absolutely. And I would imagine we would see election related influence operations this year because there's a number of really big elections in the region.
Mexico is about to undergo their largest election in a long time because they have national elections, but then they have municipal and kind of local level as well going on at the same time. Um, Panama has elections, Uruguay as well. Um, Brazil, Chile. So yes, I think we've seen that in the past. We will continue to see it.
One thing I want to bring up is the use of spyware in the nation against journalists and human rights defenders. That's a really big issue for a couple of countries. whose governments are utilizing spyware to kind of target, [00:35:00] um, journalists and maybe other people that are outspoken against said government.
Um, you know, we've seen the use of Pegasus spyware and Predator, um, in Venezuela. Maduro's government used, I think they collaborated with mobile service providers. to monitor 1. 5 million people's phones. So just citizens, not even necessarily, um, journalists or high profile human rights defenders. So that's another really big issue.
And I, I know that that's not unique to Latin America that's going on in other areas of the world too. But, um, I do think that's a consideration for sure.
Marco Ciappelli: So, and are they, I mean, our government, apart the one that actually used this bad one, the one that don't want it to use. Implementing any form of campaign, educational campaign, [00:36:00] anything like that to make the citizen aware of that possibility.
Kate Esprit: Yeah, there are a number of civil society organizations that are dedicated to that, especially in countries where it's happening, right? Because. There's a need to educate citizens and, uh, of what's going on. Um, there's even, I think, been some, some high profile lawsuits. Um, so it'll be interesting to see what has come of those lawsuits or if anything, you know, will change in that regard.
My guess would be at least in certain countries, um, the use of spyware is still happening. We just don't know about it. So, um, But anyways, going back to your original question in terms of kind of other types of cyber attacks, yes, I do believe that that is going on and we'll continue to see that, especially Latin America has a [00:37:00] very high, um, mobile user rate, it has a huge rate of social media, we saw that in the 2016 elections in Brazil as well as the 2020, Um, tons of fake news, spam campaigns, um, happening via WhatsApp and were disseminated via WhatsApp.
Um, it actually, it led to a huge lawsuit against Meta and WhatsApp, the companies in Brazil to try to kind of counteract it. So yeah, but we see that in the U S too, I think, right. It's, it's kind of a problem everywhere, unfortunately.
Sean Martin: So as we're talking about this, I'm thinking, so, you know, Clearly from a political societal perspective, some of this stuff will have an impact broad stroke across the citizen base, right?
Um, as we move back, so that's kind of citizen government. As you [00:38:00] move back into the business world though, I mean, It costs money to protect, it costs money when we can't protect enough, and it costs money to respond to, uh, to successful attacks, right? We either lose something, or we have to pay extra, or we have lawsuits, whatever.
All that cost trickles down somewhere. Either the company can't afford the cost, and they go out of business, or the company transfers the cost to their, their customers, be it other, other companies, or, or the consumers. So, do you have a sense of the impact? So beyond just They use it to conduct ransomware campaigns.
Do you see the, do they have any data on the costs of the impact and how that might affect the economy and the citizens in different, different countries in the region?
Kate Esprit: Oh man. Yeah. There's been a number of reports from a couple of well [00:39:00] known vendors like Kaspersky and ESET security who have reported on this.
They did some reporting last year, um, regarding specifically the impact of ransomware on businesses. Um, it's astronomical. I can't give you a number, but it is, um, it's a major consideration. Right. And. I think what we're starting to see, but that's very interesting in terms of ransomware is victims in the region, as well as other parts of the world are not paying the ransom anymore.
They're just taking the loss. Um, and I think there are relatively cost effective ways to protect your data. And I think when you're getting hit with a ransomware attack and you don't have data stored in backups, that is a good lesson the next time this happens, you have a backup copy of your data.
Because if you do. And you're hit by another ransomware attack, which happens right. In Mexico last year, we [00:40:00] saw government agencies were hit twice by ransomware groups, 48 hours to six months later. Um, so they got hit by one ransomware strain and then 48 hours to six months later, they got hit by another, which is.
Um, but when that happens, you have to ask yourself, how do I not like the only reason I'm paying them is because I don't have the data that they stole. Um, so that's something that I would point out. Does that answer your question?
Sean Martin: It does. It does. I think, um, yeah, that's one example of ransomware. I think there's probably a lot there and I'm not trying to put you on the spot either, but I do want to shift to, um, ransomware.
Is critical infrastructure. Um, I think every everywhere is weak in this regard. There's no, there's no one country immune. Or [00:41:00] yeah, immune from attack and immune from weakness there. So what, what's the state of critical infrastructure, cybersecurity, and is that government, commercial, private sector, where, where does, where's the responsibility sit in the region?
Does it mix between countries? Any thoughts on that big picture, which is a whole mess, I'm sure.
Kate Esprit: Yeah, no, absolutely. It, is definitely country dependent. Um, if a country has a national CSIRT, they're already ahead of their one step ahead of everybody else. In my opinion, if you have a dedicated CSIRT, um, team that is monitoring threats coming in and threatening critical infrastructure and your government agencies, That is already an amazing kind of first line of defense, right?
I think of Chile as an example. Chile has [00:42:00] a very mature CSIRT. They are also, I would, I would consider them to be a regional leader in cybersecurity. Maybe along with Brazil. Um, Just because of not only their national cyber capabilities, but kind of their, the maturity of their reporting, um, and governance as well.
Cesar, Cesar Chile, just, um, the Chilean president actually just signed into, affect their updated cybersecurity policy, which actually defines the critical infrastructure sectors, right? Like what do we consider critical infrastructure? And I think that's a huge step in the right direction. Um, there are other considerations though, that I think aren't being asked when it comes to critical infrastructure in Latin America.
And I'll 5g, right? Who, [00:43:00] which nations have access to this infrastructure? Who built it? Um, the answer to the, both of those questions happens to be China. Um, so I think there's, but it's, it's also a difficult conversation, right? When you, when you consider Latin America, you have to do it not through a US lens.
You have to do it through the lens of that country because they do not necessarily have the same. Diplomatic or political history that the U. S. Does with some of these countries. Um, so, you know, from their perspective, 5G could bring connectivity to really, really remote regions of the country that really need that Internet connectivity that could, you know, really bolster, um, you know, the quality of so many lives.
So it's, it almost becomes a philosophical debate, Marco, hope you're listening. Um, when it comes to kind of considerations of critical infrastructure in that sense. [00:44:00]
Marco Ciappelli: Well, I've been in, I've been told to wrap and now we went there and it's very hard.
Sean Martin: You go there. No,
Marco Ciappelli: I don't know. I mean, this is, I suggest another conversation actually because you make me think about the history of Latin America and South America and, and again.
The situation where, like, if you look at Africa or other places in Asia and you see an opportunity to create an influence and technology now it's that, it's the infrastructure, the 5G, and I agree with you, it's a sociological question, um, of very high importance because the conundrum of do we stick with nothing or with not being over, uh, And advancing our technology and all that it brings to our population versus, you know, risk to have, uh,
Sean Martin: who knew that the [00:45:00] selection of a certain technology would put you in a one position or another on the political global stage, right?
Marco Ciappelli: Where are we? Let me think. I don't know if you were with me in the conversation. I think that was was there is a, um, Paython the other day when we were talking about TikTok and I haven't published this yet, but stay tuned Advertisement we went back to talk about um the telephone company who Huawei the Chinese company and and it's like, um, you know, one is hardware one is social media, but But they're both affecting other country and I mean, cultural influences have been going on for many, many years.
So again, a big can of conversation that we're opening again,
Sean Martin: can of something.
Marco Ciappelli: Yeah. But yeah, we should have it. We should have it even on a panel that will be, yeah, that'd be really fun. So with that said, [00:46:00] Kate, I hope you had fun. I hope we didn't put you on the spot with some weird questions. And uh,
Sean Martin: we handled it with complete grace.
I'm impressed with the amount of knowledge you have, for the region, for sure.
Marco Ciappelli: Yeah, and any one of our questions, I think, was really driven by curiosity, because we don't know enough about it. And that's, that's not something that should happen. We always know. More about the other country and what they go through, especially because we're all connected.
So, I don't know, Sean, this is redefining cybersecurity is redefining society and it's gonna go probably on both, uh, on both of our channel as well as our, our channels P channel. Yeah. And, uh, Kate, thank you so much again for being tremendous pleasure to come back.
Kate Esprit: Thank you. Likewise. It's, I definitely believe in the work that you guys do with this show, and I just want to thank you.
It's a huge honor. I definitely want to underscore that I'm just one of a multitude of researchers out there [00:47:00] that is kind of focusing on the region so special shout out to those people too, because they're really, they're really helpful.
Sean Martin: Well the work you do and I'm glad you mentioned that because the work you do is.
Tremendously important, critical, in fact, uh, to the safety of Marco and I. That's, that's what we care about, right? We care about ourselves, Marco. And we care about that. And we care about that.
Marco Ciappelli: Well, I, I care about South America and Latin America. So, yeah.
Sean Martin: Exactly. Now, on a serious note, it's important to keep an awareness, right?
If you don't know, you can't find the, the issues that need to be addressed. So.
Marco Ciappelli: As a matter of fact, you know, I would love to have this conversation if you know somebody that is doing the job that you're doing, but it's focusing more on the region of the world that are now talked about, like somewhere in Africa, in Asia, or any other part of the world.
I mean, I'd be happy to, to have this conversation. So hopefully, this is [00:48:00] the first of many. That will come here on itsp magazine until then everybody should stay tuned There'll be links to connect with kate on the notes of this podcast and share it If you're watching the video, hit the like and subscribe.
And if you're listening to us, do the same thing we are on leave a comment.
Sean Martin: Yeah, I'd love to love to get some comments on the show as well.
Marco Ciappelli: Say something about Sean t shirt.
Sean Martin: Talk, talk about how great is that? Talk about how great Kate is. That's what I want to hear. I'd like to hear that
Marco Ciappelli: too.
Sean Martin: Yes,
Marco Ciappelli: exactly.
There you go. Everybody, everybody. It's a unanimous decision. A nice comment.
Sean Martin: We all want to hear it. Positive feedback, information on the kitchen.
Marco Ciappelli: All right, everybody. Thank you.
Sean Martin: Thanks everybody.
Marco Ciappelli: Bye bye. Bye.