Fortinet a global cybersecurity company, identified 314.8 billion malicious activities targeting Brazil in the first half of 2025. This data is part of the Global Threat Landscape report, prepared by FortiGuard Labs, the company's threat intelligence laboratory. The survey analyzed cyber behavior in Latin America and Canada during that period, detecting more than 374 billion attack attempts—84% of which were directed at Brazil. To a lesser extent, Mexico (10.8%), Colombia (1.89%), and Chile (0.1%) complete the list of the most affected countries in the region.
The report was presented during the Fortinet Cybersecurity Summit Brazil 2025 (FCS 2025), one of the largest cybersecurity events in Latin America. At the event, it was revealed that Brazil also accounted for 41.9 million malware distribution activities – software designed to cause damage or gain unauthorized access to computer systems – and 52 million actions related to botnets, which can allow remote control of infected devices.
“By presenting the main cyber threat data for Latin America and Canada at FCS 2025, we reinforce our commitment to transparency, collaboration, and market preparedness in the face of digital risks. Transforming data into strategic knowledge is the first step in creating a more mature and effective security culture in Brazil,” comments Frederico Tostes, Country Manager for Fortinet Brazil.
The study considers the cyber destruction chain model, which analyzes each stage of an attack — from reconnaissance to final execution. In Brazil, the main vectors detected include 1 billion brute-force attacks and 2.4 billion attempts to exploit vulnerabilities. In the reconnaissance phase, 2 billion active checks were detected. In the delivery phase, there were 4 million drive-by download attempts (unintentional software downloads) and 662,000 malicious office-type files.
In the installation phase, 12 million Trojans stand out – malware that disguises itself as legitimate software to deceive the user – and 67,000 unauthorized cryptocurrency mining attempts (CryptoMiner). In the final phase, focusing on action and objectives, the country registered 309 billion denial-of-service (DDoS) attempts and 28,100 ransomware incidents – malware that encrypts the victim's data and demands a ransom to restore access.
According to Alexandre Bonatti, VP of Engineering at Fortinet Brazil, another highlight of the report is the focus of threats in the impact phase. “In Brazil, 98.11% of identified malicious activities are directly linked to end-impact actions. Only 1.01% correspond to the initial access stage. This indicates a scenario of increasingly targeted, rapid attacks aimed at disruption or extortion. In this scenario, attention should not only be focused on preventing the attack, but also on how to respond and quickly contain its effects,” analyzes the executive.
Frederico Tostes comments that the increasing complexity and volume of attacks reinforce the urgency of integrated, proactive, and continuous cybersecurity strategies. “By releasing this report during FCS 2025, we reiterate Fortinet's commitment to supporting companies and institutions in protecting their digital assets, based on global intelligence and cutting-edge technology.”
Fortinet structures its threat intelligence operations based on a continuous cycle composed of six stages: targeting, collection, processing, analysis, dissemination, and feedback. This approach ensures rapid and sustained responses to emerging threats, with real-time updates for its systems and clients.
Digital risk: 314 billion malicious activities detected in Brazil in the first half of 2025.
RELATED ARTICLES
