Mexico Leads Latin America in Cyberattack Attempts
According to the Fortinet Global Threat Landscape Report 2025, Mexico received a staggering 324 billion cyberattack attempts throughout 2024, significantly surpassing the regional average in Latin America.
The report, which examines the behavior of cybercriminals and common global tactics, highlights a surge in the intensity, sophistication, and volume of attacks in Latin America, with Mexico as the central figure.
Mexico’s Attractiveness to Cybercriminals
Mexico’s volume of attack attempts far exceeds the Latin American average: the region as a whole accounted for only 11.1% of global exploitation attempts. This disparity suggests that Mexico, as an emerging digital economy, has garnered particular attention from cybercriminals.
For comparison, the Asia-Pacific region concentrated 42.4% of attacks, followed by Europe, the Middle East, and Africa (26.3%), and North America (20.2%).
In countries like the United States and the United Kingdom, attacks targeted sectors such as manufacturing, business services, and retail. In Mexico, the pattern is similar: industrial and service sectors are particularly vulnerable, especially with the proliferation of misconfigured IoT devices and outdated software systems.
The Booming Cybercrime Industry
One reason for the surge in attacks in Mexico is the industrialization of cybercrime. AI-powered tools like FraudGPT, BlackmailerV3, and ElevenLabs enable attackers to automate malware generation, phishing site creation, and synthetic voice production.
This phenomenon democratizes access to cybercrime: expert hacking skills are no longer required; all that’s needed is a credit card and access to clandestine forums.
Moreover, the market for initial access to corporate networks is thriving. Darknet platforms sell compromised credentials, VPN access, and administrative panels.
In 2024, the number of stolen records in circulation increased by 42%, and Mexico became an easy target. Infostealers like RedLine and Vidar fueled this trend, feeding forums with 1.7 billion stolen credentials throughout the year.
Massive and Automated Scanning
One of the primary reasons for this explosion in malicious activity is the widespread use of automated scanning tools.
In 2024, active internet scanning grew by 16.7% globally, reaching 36,000 scans per second. In Mexico, this tactic was crucial for mapping vulnerabilities before organizations could apply security patches.
The most-used tool was SIPVicious, responsible for nearly half of all globally detected scans. Although originally designed for auditing, it has been fully adopted by malicious actors.
Cloud Attacks and Identity Theft
Mexico’s adoption of cloud computing has also introduced new risks, according to the report: 70% of cloud attacks begin with logins from unusual geographic locations.
In cloud environments, attackers combine identity theft, API abuse, and privilege escalation to maintain persistent access.
The 324 billion cyberattack attempts in Mexico during 2024 are more than just a warning. As the country moves towards a more robust digital economy, it also becomes a more visible target for a borderless criminal industry that doesn’t need passports to operate.
Key Questions and Answers
- What does the figure of 324 billion cyberattack attempts mean? It signifies the immense scale of cyber threats Mexico faced in 2024, emphasizing the need for robust cybersecurity measures.
- Why is Mexico a prime target for cybercriminals? Its emerging digital economy and vulnerable industrial and service sectors make it an attractive target.
- How has AI impacted cybercrime in Mexico? AI-powered tools have democratized access to cybercrime, enabling less skilled individuals to carry out sophisticated attacks.
- What role does automated scanning play in the surge of cyberattacks? Widespread use of automated scanning tools has allowed attackers to efficiently identify and exploit vulnerabilities in Mexican systems.
- How do cloud computing and identity theft contribute to cyber threats in Mexico? The growing use of cloud computing has introduced new risks, while identity theft enables attackers to maintain persistent access in targeted systems.