Malicious hackers have turned Third World residents into guinea pigs

Cybercriminals have chosen a new tactic for testing their tools. They run viruses and other malware against users in developing countries, who have weak protection against hacking. After gaining experience and completing testing, the hackers begin attacking targets in the United States and Europe.

Digital sandbox for hackers

Cybercriminals from all over the world have come to see developing countries as a huge testing ground for their hacking and attack tools, writes the TechSpot portal. In effect, they have turned these countries into their own cyber sandbox, where they test new types of malware and then apply them to targets in developed countries.

There is a very specific reason for this. Companies and users in developing countries have significantly weaker protection against hacker attacks, so it is easier to try out the latest developments there, tools that have not yet been tested and whose behavior "in battle" is still unknown. Taking such a "weapon" against a more serious opponent, that is, against users and firms in developed countries, carries a high chance of losing, that is, of an unsuccessful attack.

Who was the least lucky

Most often, companies registered and stationed in African countries become unwitting participants in hacker experiments. Organizations from Latin America share a sad fate with them, and Asian firms also have a very difficult time.

Hackers see them as the simplest possible targets. A weak information security perimeter is a powerful draw: having honed their skills on weak opponents, cybercriminals then go on to attack American and European companies.

Among those affected by the hackers' actions during their so-called "training sessions" were a bank in Senegal and a financial company from Chile. Moreover, hackers do not care who they attack: they are equally interested in private business networks and in the IT infrastructure of state institutions. For example, not so long ago their attention was drawn to a tax firm in Colombia and the state economic agency in Argentina, writes Ars Technica, citing the information security company Performanta.

Testing examples

Hackers are testing viruses and Trojans on companies from developing countries, and the main problem of recent years is ransomware, the successful operation of which, as CNews reported, can lead to huge losses.

Performanta experts noted that not so long ago hackers staged a large-scale test of a new modification of ransomware named Medusa, after the figure from ancient Greek mythology. She turned people to stone, and the Medusa ransomware turns files into a virtual "stone" by encrypting them.

This malware was first used against businesses in South Africa, Senegal, and Tonga in 2023. Later, hackers successfully used it in at least 99 hacking cases in the United States, Great Britain, Canada, Italy and France.

Collective creativity

According to Nadir Izrael, technical director of the Armis information security company, hackers often collectively discuss how to exploit a particular new vulnerability in developing countries. For example, in early 2024, attackers were interested in the CVE-2024-29201 vulnerability. Izrael stressed that hackers specifically targeted several open servers in third world countries in order to test the corresponding exploits. Attacks at that time were limited to Southeast Asia, but later attempts to exploit CVE-2024-29201 were made all over the world.

Teresa Walsh, senior intelligence officer for the cyber threat intelligence organization FS-ISAC, said that some hacker groups are improving their extortion techniques in poorer countries before applying their skills in richer countries where the same language is spoken. She cited Brazil and Portugal as examples.

There are no sandboxes

Many information security experts openly state that hackers really do use developing countries as their testing ground, which suggests that this is a common phenomenon. Microsoft, however, fundamentally disagrees.

Sherrod DeGrippo, director of threat analysis strategy at Microsoft, believes that the increase in attacks on organizations in developing countries is solely due to the fact that ransomware gangs are selling their software to less sophisticated hackers in poorer countries. These attackers, in her opinion, often do not understand how malware works, so they organize their attacks only against less well-protected targets.

"The number of infected computers in Africa and Latin America is really very high," Evgeny Gromakovsky, CEO of corporate messenger Compass, told CNews. "There are many reasons for this: low cybercrime of users, the use of unlicensed software products and rare updates to operating systems, as well as insufficient business investment in information security. We are not even talking about material resources – companies do not invest much in training specialists and sharing experience."

According to Gromakovsky, all this is "good ground for cybercriminals." "Therefore, it is not necessary to say that malware is being tested in Latin America and Africa," he told CNews. "Rather, it is a natural consequence of the reasons described above. Moreover, I am not sure that such a strategy is also beneficial for cyber groups. It is unlikely that the rehearsal of an attack on weakly protected companies will help in any way in attacks on North American and European businesses that pay great attention to cybersecurity."

"However, there is a problem, it is worth talking about and eliminating those factors that cause a huge number of attacks in less cybersecure regions," Evgeny Gromakovsky summed up.
 