Latin America and the Caribbean can now lay claim to an unenviable status: cyberattackers’ favorite region to target with cyberattacks.
Organizations in Latin America saw an average of 3,065 attacks per week last year, a year-over-year surge of 26%, leapfrogging Africa as the top geographic region for cyber-risk, according to the latest data from Check Point Research. About three-quarters (76%) of organizations suffered information disclosure attacks, while a majority also encountered attempts at remote code execution and authentication bypass.
More than 5% of organizations in the region also suffered ransomware attacks, says Angel Velasquez, security engineering manager for the Latin American region at Check Point Software.
“Attacks are rising due to a shift toward data-leak extortion …, [a] surge in credential-stealing campaigns, increased exploitation of edge devices, and the growing use of AI by attackers,” he says. “We expect ransomware activity to continue accelerating next quarter with more frequent and targeted attacks, especially against healthcare and manufacturing.”
Cyber-threat actors’ focus on Latin America does not come as a surprise. Nearly a year ago, Check Point noted that attacks in Latin America were rising faster than any other region. In addition, cybersecurity firm CrowdStrike has seen a similar significant increase in attacks in the region with ransomware and extortion attacks up 15% and a significant increase in credential-based intrusions.
Latin American organizations see about 40% more attacks than the global average. Source: Check Point Research
While Check Point noted organizations in Jamaica, Paraguay, and Peru had suffered the most attacks, CrowdStrike saw a different picture: Brazil, Mexico, and Argentina consistently ranked as the most targeted countries, especially for ransomware gangs and initial access brokers, says Adam Meyers, head of counter adversary operations at CrowdStrike.
“These markets have large digital footprints and extensive cross-border business connections, making them attractive to financially motivated cybercriminals and, in some cases, selective nation-state actors targeting government or infrastructure entities,” he says.
Easy Initial Access
While governments in the region are looking to bolster their infrastructure’s cyber resilience, in part by working with various global cyber powers, they are potentially opening the door to more attacks by working with Chinese technology vendors and investigating the use of spyware for domestic surveillance, according to CrowdStrike’s “2025 Latin America Threat Landscape Report.”
Easy access to stolen credentials has fueled many attacks, with CrowdStrike seeing a 38% rise in activity among brokers in the region, Meyers says.
“This activity is reinforced by regionally focused adversaries … that sell access and tooling through Spanish-speaking underground forums, making attacks more efficient and repeatable,” he says. “Looking ahead, we expect continued pressure from ransomware and data extortion, particularly where credential-driven access remains effective.”
The causes of Latin America and the Caribbean’s rise to the top targeted region are similar to those that made Africa a top target, including the rapid digitalization of regional economies, valuable yet vulnerable industries such as manufacturing and financial services, and an influx of cybercriminal and nation-state interest, Check Point’s Velasquez says.
“Exploitation of local unrest, such as the activity in Venezuela, allows the spread of disinformation and other disruptive attacks,” he says.
In the Crosshairs
Major cyber powers have also become more interested in the region. China-linked cyber operations have increased activities in the region, conducting cyber-espionage campaigns against government, telecom, and military organizations, according to CrowdStrike’s Meyers. The recent US military operations in the Caribbean and Venezuela likely had a cyber component as well.
“Latin America now sits at the intersection of global and regional threat activity,” Meyers says, adding, “While state-sponsored activity is lower in volume than financially motivated crime, it’s strategically significant and reflects how Latin America has evolved from a peripheral geography to a key focus area for sophisticated adversaries.”
While companies in the region are benefitting from AI, they are also running cyber-risks, according to the Check Point report. The vast majority of organizations (91%) using generative AI tools saw risky prompts, with about 3% of prompts posing a risk of leaking sensitive data and a quarter of prompts including potentially sensitive data.
“As organizations enter 2026, improving ransomware resilience and enforcing generative AI (GenAI) governance controls will remain critical priorities for reducing operational and data exposure risk,” the company said.
