Information disclosure is the most common vulnerability exploit type in Latin America, impacting 75% of organisations.

Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

Infostealer malware attacks have surged by 58% in Latin America.

52% of observed ransomware victims in Q2 2025 were based in The United States.

65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.

Over 83 zero-day vulnerabilities were actively exploited in real-world campaigns.

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.

There has been a 45% year-over-year rise in active ransomware groups.

Ransomware rose by 21% in 2024.

There were 156 disclosed ransomware victims in the financial sector in 2024.

23% of observed ransomware victims in Q2 2025 were based in Singapore.

66% of hotel IT and security executives expect a rise in attack frequency during the summer 2025 travel season.

In 2025, 78% of organisations in the critical sector use four or fewer OT vendors for cybersecurity.

42% of hotel IT and security executives say weaknesses in third-party systems like payment processors and booking platforms increase their cybersecurity risk.

Adoption of dark web monitoring among hotels is 26%.

In January 2025, a threat actor offered on-demand deepfake image creation services for defeating KYC checks, mentioning tools like DeepFaceLive, DeepFaceLab, and AI Voice Changer, having bypassed KYC checks from two different cryptocurrency exchanges.

Adoption of penetration testing among hotels is 28%.

81% of organisations in the critical sector self-assess their OT cybersecurity maturity at Level 3 or 4 on a five-level scale (0–4).

58% of hotels were targeted by five or more attacks during summer 2024.