Nowhere in the world has cyber threat activity been growing faster than in Latin America, thanks in part to relatively rapid digital adoption on the part of businesses in the region, combined with relatively stagnant cybersecurity growth.
Last year, researchers at Check Point tracked a 53% year-over-year rise in weekly cyberattacks in Latin America, and as of 2026, they confirmed it to be the most heavily targeted region on the planet.
In an updated, unpublished March 2026 threat report shared with Dark Reading, Check Point found that Latin American organizations currently face an average of around 3,100 cyber threats per week. By comparison, in recent months, their counterparts in the United States have averaged just under 1,500.
The difference isn’t only in volume, either. In some respects, the nature of cyberattacks in each region differ significantly, right down to the smallest details: where they come from, what form they come in, etc.
North & Central/South American Cyberattacks Diverge
Certain categories of cyberattack are just more common in Latin America, be they ransomware hits (accounting for 5.4% of attacks last month vs. 3.1% in the US) or those involving infostealers (5.3% vs. 2.1%), banking malware (2.8% vs. 0.8%) or botnets (13.1% vs. 7.2%). In contrast, certain file types, like Microsoft Excel spreadsheets (XLS, XLAM) show up more often in enterprise-focused US attacks, but hardly register down south.
Most notable amongst all of Check Point’s recent data, though, is a disparity in how attacks are first initiated. A stunning 95% of malicious files in the US last month were delivered via the Web — compromised websites, drive-by downloads, malvertising, etc. By contrast, that number was just 26% in Latin America, with email making up the other 74%.
“Phishing campaigns continue to be extremely effective in the [Latin America] region, particularly those impersonating financial institutions, payment notifications, invoices, travel confirmations, or government communications,” says Julio Lemus, security engineer and office of the chief technology officer (CTO) at Check Point. “This could be due to a lack of cyber awareness by average businesses and consumers.”
Threat actors also take interest in different sectors, depending on whether they’re attacking countries in North or South America. For instance, healthcare was the ninth most victimized US sector in Check Point’s data last month. For multiple months in a row it has topped the Latin American list, and in February it was targeted around 28% more than the next most targeted sector (education). The financial services industry, which didn’t make Check Point’s Top 10 in the US, ranked as the sixth most targeted in Latin America.
Why Hackers Pick on Latin America
In its 2025 Cybersecurity Report, the Organization of American States (OAS) and Inter-American Development Bank (IDB) assessed the overall cybersecurity maturity of countries across Latin America and the Caribbean. They used the OAS and Oxford University’s Cybersecurity Capacity Maturity Model for Nations (CMM), which, though rather complex, can vaguely score countries on a scale from 0 to 5, with five representing world-leading cybersecurity maturity, and zero representing total immaturity.
The results of the analysis were unimpressive. “The security level of maturity for most of the countries were scored between 2 and 3,” recalls Carlos Borges, senior intel analyst with Intel471.
Borges, who’s from Brazil, thinks, “We do have many big companies, particularly in the financial industry, that have good resources to protect themselves. But if you look at how it is in general, most companies of medium-size and low-size are still fragile, and of course they are susceptible to more opportunistic actors.”
Even some of those larger organizations underwhelm, though. Borges points to the high-profile supply chain incident at Brazilian fintech provider C&M Software last July as a case in point. “They had an insider that worked with a cybercrime group. [They] stole funds from the customers of this company, and it reached hundreds of millions of dollars from the core financial system in Brazil, operated by the Brazilian Central Bank. Two months later, the same company was also breached by the Dragonforce ransomware group. That speaks a little to how even those companies that are particularly involved with more resourceful industries are still susceptible.”
Check Point’s Lemus also attributes the disparity between Latin America and the rest of the world to differing maturity levels, but also cites a variety of other economic and technological factors. For example, he says, “many organizations in the region operate with mixed IT environments and uneven security investments, which creates opportunities for attackers looking for easier entry points.”
Another factor, he adds, “is that cybercriminal groups increasingly view Latin America as a high-return region for fraud and extortion, where attacks can still succeed with relatively simple techniques such as phishing or credential theft. As a result, attackers often scale campaigns across multiple organizations simultaneously, which contributes to the higher weekly attack averages.”
Source: www.darkreading.com…