With weekly cyberattacks surging, Latin America and the Caribbean has become the most targeted region in the world, and its digital landscape a high-stakes battleground. To understand this dramatic shift, we sat down with Dominic Jainy, a leading IT professional specializing in the intersection of artificial intelligence and global security threats. We explored the converging factors fueling this crisis, from the booming black market for stolen credentials to the patient, long-horizon strategies of state-sponsored espionage campaigns. Our conversation also delved into the specific vulnerabilities plaguing critical sectors like healthcare and manufacturing, and the emerging, double-edged sword of generative AI in the corporate world.
With weekly cyberattacks in Latin America surging 26% to over 3,000 per organization, what specific economic or technological shifts have made the region such an attractive target? Please provide a detailed example of how attackers are exploiting these new vulnerabilities.
The explosion in attacks is really a perfect storm of several converging factors. You have this rapid digitalization across regional economies, which is fantastic for growth but has inevitably outpaced the deployment of mature security infrastructure. This creates a massive, and often vulnerable, attack surface. We’re also seeing a strategic pivot by the attackers themselves. They’ve shifted from simple disruption to a more lucrative model of data-leak extortion. For example, instead of just locking down a manufacturer’s network, an attacker will first steal their proprietary designs and client lists. Then they use the threat of releasing that sensitive data publicly as leverage, which is often a more powerful motivator for payment than just operational downtime. This is compounded by the increased exploitation of edge devices—think IoT sensors on a factory floor or remote-access points for employees—which are notoriously difficult to secure.
Stolen credentials are a primary entry point, with access broker activity up 38%. Besides standard phishing, what are the most common ways credentials are being harvested, and what are the first three practical steps an organization should take to mitigate this threat?
While phishing is still a huge problem, the credential harvesting we’re seeing now is much more sophisticated and ecosystem-driven. Infostealer malware, often delivered through seemingly legitimate software downloads or malicious ads, is a major culprit. It quietly scrapes saved passwords from browsers and applications. We’re also seeing a thriving underground economy, particularly on Spanish-speaking forums, where initial access brokers sell validated login credentials to the highest bidder. This makes launching a major attack incredibly efficient for ransomware gangs. To counter this, the first practical step is deploying robust multi-factor authentication everywhere possible; it’s the single most effective barrier. Second, organizations must implement continuous monitoring for credential exposure on the dark web. And third, they need to establish strong governance over edge devices and remote access points, ensuring they aren’t the weak link in the chain.
Over 5% of organizations in the region experienced a ransomware attack, with healthcare and manufacturing being prime targets. What makes these two sectors so uniquely vulnerable, and could you walk us through a typical ransomware attack sequence you’ve observed against them?
Healthcare and manufacturing are uniquely vulnerable because downtime is not just an inconvenience; it can be catastrophic, even life-threatening. Attackers know this and exploit the immense pressure these organizations are under to restore operations immediately. For a hospital, a network lockdown can delay surgeries and compromise patient data. For a manufacturer, it halts production lines, causing massive financial losses. A typical attack starts with stolen credentials purchased from an access broker. The attacker then gains a foothold, moving laterally and quietly through the network for days or weeks to map out critical systems—like patient record databases or industrial control systems. Once they have control, they execute the ransomware, encrypting everything. The final blow is the extortion demand, which now almost always includes the threat of leaking the sensitive patient or intellectual property data they exfiltrated earlier.
Some data points to Brazil and Mexico as the most targeted countries, while other findings highlight Jamaica and Peru. What factors could explain these different perspectives, and how do a country’s cross-border business connections influence the types of threats it faces?
The discrepancy in reporting often comes down to methodology and the specific types of threats being tracked. Some research might focus on the sheer volume of attacks, where smaller nations like Jamaica or Peru could show a higher per-capita rate of certain malicious traffic. On the other hand, firms like CrowdStrike focus on targeted, high-impact intrusions like ransomware and data extortion, which naturally leads them to the region’s economic powerhouses: Brazil and Mexico. These countries have enormous digital footprints and extensive cross-border business connections, particularly with North America and Europe. This makes them incredibly attractive targets for financially motivated criminals who can exploit those supply chain and financial links for greater impact and profit. Essentially, the more economically interconnected a country is, the more complex and financially driven the threats it will face.
China-linked cyber-espionage campaigns are reportedly increasing against government and telecom entities. How do the motives and methods of these state-sponsored actors differ from financially motivated criminals, and what unique, long-term risks do they pose to national infrastructure?
The difference is night and day, and it comes down to intent. A financially motivated criminal wants to get in, steal something of value, and get out as quickly as possible to monetize their efforts. Their methods are often loud and destructive, like ransomware. State-sponsored actors, in contrast, play the long game. Their goal isn’t a quick payday; it’s strategic advantage through espionage. They target government, telecom, and military organizations to steal state secrets, intellectual property, or gain persistent access to critical infrastructure. Their methods are stealthy and sophisticated, designed to go undetected for years. The long-term risk is existential. Having a foreign adversary with a hidden backdoor into your nation’s power grid, telecommunications backbone, or military networks poses a profound threat to national sovereignty and security.
As 91% of organizations using generative AI see risky prompts, what are the most significant data exposure risks you’re observing? Please provide a specific example of how an employee’s seemingly innocent prompt could lead to a major security incident.
The biggest risk is inadvertent data leakage from well-meaning employees who don’t understand how these AI models work. They treat the AI like a private, secure tool, but they’re often sending corporate data to a third-party server for processing. A perfect example would be a marketing manager trying to be efficient. They might copy a confidential spreadsheet with upcoming product launch details, customer names, and pricing strategies, and paste it into a public generative AI tool with a prompt like, “Summarize this data into a presentation for the quarterly review.” In that moment, all that sensitive, proprietary information has left the company’s secure environment. It could be used to train the AI model, be retained in logs, or potentially be exposed in a breach of the AI provider, creating a massive security incident from one seemingly harmless action.
What is your forecast for the evolution of cyber threats in Latin America over the next two years?
I believe the pressure on the region will only intensify. We’re going to see a continued acceleration of ransomware and data extortion attacks, becoming more targeted and aggressive, especially as attackers refine their use of AI to find vulnerabilities and craft convincing phishing campaigns. The line between financially motivated crime and state-sponsored activity will likely become even blurrier, as national interests and criminal enterprises find common ground. As organizations rush to adopt generative AI, we’ll see a surge in security incidents related to data exposure, making GenAI governance a critical, non-negotiable priority. For any organization operating in Latin America, building resilience—not just prevention—will be the key to survival.
