Surge in Cybercrime Strikes Costa Rica: Banking Fraud Reaches Alarming Levels
The country experiences a significant rise in electronic scams, with reported banking fraud cases soaring by 668% since 2020.
Costa Rica is grappling with a sharp increase in cybercrime, particularly in the realm of banking fraud.
Recent statistics indicate that an average of 38 individuals fall victim to electronic scams daily, a figure that continues to rise.
From 2020 to 2024, instances of banking cyber fraud have increased dramatically, with projections suggesting that the total number of cases could reach approximately 13,635 by year-end 2025, nearly double the total for 2024.
Experts attribute this surge to the evolution of organized crime, with claims that local perpetrators are now involved in these sophisticated scams.
Esteban Jiménez, a cybersecurity expert and founder of ATTI Cyber, emphasizes the professionalized nature of these criminal activities, highlighting a troubling trend where scams utilize local language and cultural references, suggesting operational familiarity with the country.
The Defensoría de los Habitantes, Costa Rica’s ombudsman, has issued warnings regarding the rising prevalence of electronic fraud and is urging the government to take more decisive action.
Public discourse around the issue is amplified on social media platforms, revealing that a new victim is reportedly arising every 38 minutes.
Costa Rica's susceptibility to cybercrime can be traced back to significant cyberattacks encountered in 2020 and 2022, which exposed vulnerabilities within its public systems.
The Maze group targeted institutions such as the Bank of Costa Rica in 2020, while the Conti group carried out a ransomware assault in 2022 that affected nearly 30 government entities, including the Ministry of Finance and the Costa Rican Social Security Fund (CCSS).
The attacks by Conti began on April 17, 2022, resulting in considerable disruptions to tax and customs systems, with the group demanding a ransom that escalated from $10 million to $20 million.
The Costa Rican government declined to pay the ransom, declaring a national emergency—a historical first for a nation responding to a cyberattack.
Following the Conti incidents, another cyberattack by the Hive group impacted the CCSS, forcing the public health system offline and compromising vital medical records and service systems.
Jiménez noted that the fallout from these attacks has demonstrated to global cybercriminals that Costa Rica possesses diminished cybersecurity resilience.
The perpetrators of these frauds are often part of complex global networks.
These groups engage in various criminal activities, from data theft to direct attacks, continuously expanding their operations and targeting nations perceived as vulnerable.
In Costa Rica, the prevalence of phishing attempts and fraudulent messages appears to mirror local communication norms, indicating an increase in domestic involvement.
The Conti group exploited advanced tools such as Cobalt Strike, infiltrating systems as early as February 2022 and extracting vast amounts of sensitive data while locking servers.
The ramifications of these disruptions are expansive, affecting trade, public health, and tax collection, with economic losses estimated at $500 million for a nation of 5 million.
Recent ransomware incidents, such as the 2024 attack on RECOPE, the state energy company, further underscore the ongoing threat, where operations were disrupted following a phishing email that gained unauthorized access to systems.
In response to the escalating cyber threats, Costa Rican authorities are implementing measures to enhance cybersecurity frameworks.
Since the significant attacks in 2022, the government has prioritized bolstering defense mechanisms, including data backups and collaborations with international partners like the United States, Spain, and Israel.
Notably, the U.S. State Department’s FALCON program was enacted during the RECOPE attack, deploying cybersecurity experts within a 36-hour window.
Experts advocate for increased public awareness and education on cybersecurity, particularly regarding phishing tactics, which account for a substantial majority of breaches.
Initiatives aimed at improving reporting mechanisms and fostering public vigilance are seen as crucial.
Furthermore, there are calls for the establishment of specialized cybercrime units and enhanced legal frameworks to mitigate the growth of cyber fraud.
As the threat of cybercrime persists, Costa Rica finds itself at a critical juncture, with its banking sector, governmental institutions, and civilian population facing heightened risks of fraudulent activity.
Recent statistics indicate that an average of 38 individuals fall victim to electronic scams daily, a figure that continues to rise.
From 2020 to 2024, instances of banking cyber fraud have increased dramatically, with projections suggesting that the total number of cases could reach approximately 13,635 by year-end 2025, nearly double the total for 2024.
Experts attribute this surge to the evolution of organized crime, with claims that local perpetrators are now involved in these sophisticated scams.
Esteban Jiménez, a cybersecurity expert and founder of ATTI Cyber, emphasizes the professionalized nature of these criminal activities, highlighting a troubling trend where scams utilize local language and cultural references, suggesting operational familiarity with the country.
The Defensoría de los Habitantes, Costa Rica’s ombudsman, has issued warnings regarding the rising prevalence of electronic fraud and is urging the government to take more decisive action.
Public discourse around the issue is amplified on social media platforms, revealing that a new victim is reportedly arising every 38 minutes.
Costa Rica's susceptibility to cybercrime can be traced back to significant cyberattacks encountered in 2020 and 2022, which exposed vulnerabilities within its public systems.
The Maze group targeted institutions such as the Bank of Costa Rica in 2020, while the Conti group carried out a ransomware assault in 2022 that affected nearly 30 government entities, including the Ministry of Finance and the Costa Rican Social Security Fund (CCSS).
The attacks by Conti began on April 17, 2022, resulting in considerable disruptions to tax and customs systems, with the group demanding a ransom that escalated from $10 million to $20 million.
The Costa Rican government declined to pay the ransom, declaring a national emergency—a historical first for a nation responding to a cyberattack.
Following the Conti incidents, another cyberattack by the Hive group impacted the CCSS, forcing the public health system offline and compromising vital medical records and service systems.
Jiménez noted that the fallout from these attacks has demonstrated to global cybercriminals that Costa Rica possesses diminished cybersecurity resilience.
The perpetrators of these frauds are often part of complex global networks.
These groups engage in various criminal activities, from data theft to direct attacks, continuously expanding their operations and targeting nations perceived as vulnerable.
In Costa Rica, the prevalence of phishing attempts and fraudulent messages appears to mirror local communication norms, indicating an increase in domestic involvement.
The Conti group exploited advanced tools such as Cobalt Strike, infiltrating systems as early as February 2022 and extracting vast amounts of sensitive data while locking servers.
The ramifications of these disruptions are expansive, affecting trade, public health, and tax collection, with economic losses estimated at $500 million for a nation of 5 million.
Recent ransomware incidents, such as the 2024 attack on RECOPE, the state energy company, further underscore the ongoing threat, where operations were disrupted following a phishing email that gained unauthorized access to systems.
In response to the escalating cyber threats, Costa Rican authorities are implementing measures to enhance cybersecurity frameworks.
Since the significant attacks in 2022, the government has prioritized bolstering defense mechanisms, including data backups and collaborations with international partners like the United States, Spain, and Israel.
Notably, the U.S. State Department’s FALCON program was enacted during the RECOPE attack, deploying cybersecurity experts within a 36-hour window.
Experts advocate for increased public awareness and education on cybersecurity, particularly regarding phishing tactics, which account for a substantial majority of breaches.
Initiatives aimed at improving reporting mechanisms and fostering public vigilance are seen as crucial.
Furthermore, there are calls for the establishment of specialized cybercrime units and enhanced legal frameworks to mitigate the growth of cyber fraud.
As the threat of cybercrime persists, Costa Rica finds itself at a critical juncture, with its banking sector, governmental institutions, and civilian population facing heightened risks of fraudulent activity.
