A FortinetA global cybersecurity company identified 314.8 billion malicious activities targeted at Brazil in the first half of 2025. The die is part of the Global Threat Scenario report, prepared by FortiGuard Labs, the company's threat intelligence laboratory. The survey analyzed cyber behavior in Latin America and Canada during the period, detecting over 374 billion attack attempts — of which 84% were directed at Brazil. To a lesser extent, Mexico (10.8%), Colombia (1.89%), and Chile (0.1%) complete the list of the most affected countries in the region.
The report presentation took place during the Fortinet Cybersecurity Summit Brazil 2025 (FCS 2025), one of the largest cybersecurity events in Latin America. On that occasion, it was revealed that Brazil also concentrated 41.9 million malware distribution activities – software designed to cause damage or gain unauthorized access to computer systems – and 52 million actions related to botnets, which can enable remote control of infected devices.
"By presenting the main cyber threat data from Latin America and Canada at FCS 2025, we reinforce our commitment to transparency, collaboration, and market preparedness against digital risks. Turning data into strategic knowledge is the first step to creating a more mature and effective security culture in Brazil," comments Frederico Tostes, Country Manager of Fortinet Brazil.
The study considers the cyber destruction chain model, which analyzes each stage of an attack — from reconnaissance to final execution. In Brazil, the main detected vectors include 1 billion brute-force attacks and 2.4 billion vulnerability exploitation attempts. In the recognition phase, 2 billion active checks were detected. After delivery, 4 million drive-by download attempts (unintentional software downloads) and 662,000 malicious Office-type files.
In the installation stage, there are 12 million Trojans, malware that disguises itself as legitimate software to deceive the user, and 67,000 attempts of unauthorized cryptocurrency mining (CryptoMiner). In the final phase, action and objectives, the country recorded 309 billion denial-of-service (DDoS) attempts and 28,100 ransomware incidents – malware that encrypts the victim's data and demands a ransom to restore access.
According to Alexandre Bonatti, VP of Engineering at Fortinet Brazil, another highlight of the report is the focus of threats on the impact phase. In Brazil, 98.11% of the malicious activities identified are directly linked to actions with a final impact. Only 1.01% correspond to the initial access stage. This indicates a scenario of increasingly targeted, rapid attacks focused on disruption or extortion. In this context, attention should not only be on preventing the attack but also on how to respond and quickly contain its effects, analyzes the executive.
Frederico Tostes comments that the increasing complexity and volume of attacks reinforce the urgency of integrated, proactive, and continuous cybersecurity strategies. By releasing this report during FCS 2025, we reaffirm Fortinet's commitment to supporting companies and institutions in protecting their digital assets, based on global intelligence and cutting-edge technology.
Fortinet structures its threat intelligence operations around a continuous cycle consisting of six stages: targeting, collection, processing, analysis, dissemination, and feedback. This approach ensures quick and sustained responses to emerging threats, with real-time updates for your systems and clients.
Digital risk: 314 billion malicious activities detected in Brazil in the first half of 2025
