Why is there a wave of cyberattacks in Colombia and the country is so vulnerable?
From EPS Sanitas to the drug marketer Audifarma, companies in Colombia have been exposed to cyberattacks in recent months, affecting their operations and also showing the fragility of the South American country in an issue that still has not been developed as it should despite the ‘boom’ of these cases.
One of the most recurring components within the computer attacks on companies in Colombia in recent months is that they seek to generate direct effects on the operation, mainly through the execution of different types of malware simultaneously.
According to the cybersecurity company Lumu Technologies, among the types of malware that are best known today are crypters (they encrypt asset information), infostealers (they steal information to sell it on the dark web), cryptominers (they use the computing power of the companies violated to carry out cryptocurrency mining) and wipers (they delete, destroy or make the key information of the victim organizations unavailable).

“Cybercriminals increasingly seek to disrupt access to essential services for society. The recent attacks show that any type of organization, regardless of its size, whether it is public or private, is exposed to being a victim of a cyberattack,” said Germán Patiño, a specialist in the area at Lumu Technologies, to Bloomberg Línea.
Among the possible reasons for this wave of cyberattacks on Colombian companies is that hackers are discriminating between countries that show less or more preparation in cybersecurity.
“In this way, they are able to identify organizations with the capacity to detect ransomware precursors in time and thus be able to respond accurately to the actions of criminals. Preparation is everything in cybersecurity,” he stated.
“When organizations understand that attacks on their technology can bring higher costs than those implied by preventive actions, they will work to minimize their exposure to risk. They must remember that a cyberattack can not only cause monetary losses, but also affect their operations and reputation,” says the manager in Latin America of Fluid Attacks, Felipe Gómez.
Regarding the most recent cases, the Keralty group (owner of EPS Sanitas) acknowledged that the computer attacks affected its computer servers and that in the process the confidentiality of the data of some people had been affected, for which they contacted directly with them so that they could take the necessary measures.
For its part, Audifarma reported that it had had to disable its physical and virtual servers after suffering a cyberattack in order to shield the information of the organization and that of the users.
Not even public entities have been safe from cyberattacks and in October last year the computer systems of the National Institute for Food and Drug Surveillance (Invima) were compromised and some files were even encrypted.
Already in November 2021, the National Administrative Department of Statistics (Dane) had suffered a cyber attack that left its page inoperative for at least six days, in a case that was brought to the Colombian justice system and that has yet to be fully clarified.
BLACKCAT, THREAT IN COLOMBIA
Computer security specialists have shown the technological sophistication of the attacks and that many of these are ransomware from the BlackCat or ALPHV family, which have the ability to “execute more complete payloads, enable more sophisticated evasion techniques so as not to be detected by devices security commons, and infect multiple devices and operating systems,” according to Lumu.
Until the end of December, Colombia registered an impressive 133% increase in the number of institutions affected by ransomware compared to the same period in 2021.
One of the biggest challenges continues to be that, despite the fact that the cases are more recurrent and aggressive, many companies they choose not to report it to avoid the consequences this may have on their reputation.
However, records of cybersecurity companies in Colombia shared with Bloomberg Línea show that companies in sectors as diverse as telecommunications, technology, health, education, among others, have been affected in the last year.

Fernando Castro, a specialist at the cybersecurity firm Nozomi Networks, said to Bloomberg Línea that the vulnerabilities present in the health sector systems have facilitated the theft of information in medical devices, affecting operations in the granting of appointments, procedures and even distribution of medicines.
“The complexity of the situation is that malicious actors can gain access to medical systems used in the aggregation of data from devices for analysis and monitoring on a larger scale. This manipulation could result in breakdowns, misinterpretation or even overdoses in the automatic supply of medication in case of not taking the appropriate measures to protect the entire medical infrastructure,” he warns.
In addition, he explains that although the attacks are directed at the IT business network, malicious agents can move laterally to the OT environment and interrupt the distribution of basic and essential services for people, as seen in recent cases of cyber attacks.
That is why they believe that, in order to have a much more effective preventive control, it is necessary to make all critical infrastructure visible, immediately identify any anomaly in OT and IoT environments and take the necessary actions to protect their most critical assets.
CYBERSECURITY INTEGRATION IS STILL INSUFFICIENT
Although cybersecurity has become more relevant in public discussion and is no longer seen as an expense, there are still many challenges for companies to really integrate these solutions into their operations and, above all, develop specialized units to address these issues.
The pandemic was a trigger for investments in this area to increase in Colombia and, according to figures from the Boston Consulting Group, for 2020 they were located at US$303 million to then jump in 2021 to around US$329 million.
According to the projections of that firm, spending on cybersecurity in Latino companies could present an annual growth rate of 8% until 2024 and by then reach US$8 billion, as this area becomes more of a priority.
“Cyberattacks have become increasingly common due to the benefits that attackers find by executing information theft, hijacking of company services and infrastructures, since they see that they can have great economic rewards and even access to more complex systems and even more profitable,” says Fernando Castro, specialist at Nozomi Networks
The Latin American manager of the cybersecurity firm Fluid Attacks, Felipe Gómez, tells Bloomberg Línea that the growth in the number of cyberattacks in Colombia is related to a global increase and is not an independent phenomenon.
“Colombia, like the rest of the countries in the world, is vulnerable to attacks because only some industries are still regulated to perform security tests on their technology and comply with certain international standards”, he said.
“Errors in technology will continue to exist, whether they are the product of its development or configuration. What companies need to understand is that they have to allocate human and financial resources to keep their technology products secure and protect the information and assets of their customers or users,” he commented.
Fluid Attacks shared attack prevention recommendations for companies:
- Add cybersecurity as a key point in the board of directors: Cybersecurity is an issue that must be addressed at the organizational level, not only from the information technology sector.
- Continuously security test technology and remediate its vulnerabilities: Organizations must continuously test the security of technology from the earliest stages of its development and before offering it to users.
- Measure risk with mathematical models: Organizations must know their level of exposure to cyberattacks, for which they must use quantitative models that indicate the probability of losing specific amounts of money.
- Educate users: Many attacks can be prevented when users get used to using complex passwords and changing them frequently. When they turn on multi-factor authentication, they learn to identify scams and dangerous emails, and update their operating system and other programs.
- Prepare an incident response plan: Organizations must be aware that there is a high and constant probability of suffering cyberattacks, for which they must form a response team and describe all the actions they will take to identify the causes of the attack, contain the effects and communicate with users.
With information from Bloomberg
Live Market IntelligenceColombia — Live Market Board
Rio Times · Live Market Intelligence
Colombia — Live Market Board
-0.30%
173,825.27
-1.24%
66,358.81
-0.08%
10,947.38
-0.70%
3,185,257
-3.22%
2,285.11
-0.30%
57,112.22
—
| Instrument | Last | Change | YoY | Prev. | High | Low | Volume |
|---|---|---|---|---|---|---|---|
| COLCAP | 2,285.11 | -0.30% | — | 9.04 | 9.05 | 9.02 | 4,133 |
| USD/COP | 3,227 | -0.13% | -19.58% | 3,231 | 3,228 | 3,224 | — |
| BRENT | 85.04 | +0.96% | +22.32% | 84.23 | 85.48 | 83.71 | 5,617 |
| WTI | 79.32 | +0.47% | +17.44% | 78.95 | 79.58 | 77.93 | 35,920 |
| ECOPETROL | 15.82 | -1.00% | +77.93% | 15.98 | 16.11 | 15.71 | 3,398,559 |
| BANCOLOMBIA | 79.47 | -2.55% | +72.09% | 81.55 | 81.02 | 79.00 | 266,189 |
| GRUPO AVAL | 4.97 | -1.19% | +64.57% | 5.03 | 5.11 | 4.93 | 95,799 |
| TECNOGLASS | 46.83 | +2.54% | -37.82% | 45.67 | 47.60 | 45.05 | 244,100 |
| CREDICORP | 387.44 | -2.70% | +71.76% | 398.20 | 396.51 | 387.08 | 366,048 |
| BUENAVENTURA | 30.17 | -1.76% | +78.20% | 30.71 | 30.57 | 29.43 | 922,592 |
| SOUTHERN COPPER | 175.66 | -3.24% | +88.65% | 181.54 | 180.15 | 174.49 | 1,394,237 |
In depth
LatAm Markets: Live Signals → — real-time movers, turnover leaders and FX across Latin America.
Read More from The Rio Times