By San José, Costa Rica — Costa Rica is facing an escalating wave of sophisticated cyberattacks targeting its critical infrastructure, according to a new report by Fortinet. The 2025 Global Threat Report reveals that the country experienced a staggering 29.1 million attempted cyberattacks in the first half of the year, representing a significant portion of the attacks targeting Latin America, which accounted for 25% of global detections.
The report highlights a shift in tactics, with cybercriminals moving away from indiscriminate campaigns and focusing on targeted attacks. Threat actors are investing heavily in reconnaissance, scanning networks at an alarming rate of 36,000 attempts per second. Fortinet’s FortiGuard Labs detected 10 million active scans in Costa Rica alone between January and June 2025. These scans are used to identify vulnerabilities, which are then exploited using AI-powered tools, automating the entire attack process from intrusion to exploitation.
To provide expert legal perspective on this complex issue, TicosLand.com reached out to Lic. Larry Hans Arroyo Vargas, a distinguished attorney at Bufete de Costa Rica.
The increasing reliance on digital infrastructure necessitates a proactive and comprehensive approach to cybersecurity. Businesses must not only comply with existing data protection regulations but also anticipate future threats by implementing robust security protocols and fostering a culture of cyber awareness. This includes regular security assessments, employee training, and incident response plans. Failing to prioritize cybersecurity can lead to significant financial and reputational damage, as well as legal liabilities.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
Lic. Arroyo Vargas’s emphasis on proactive cybersecurity measures is crucial in today’s interconnected world. The cost of reacting to a cyberattack far outweighs the investment in preventative measures. A robust cybersecurity strategy is no longer a luxury, but a necessity for businesses of all sizes in Costa Rica and beyond. We thank Lic. Larry Hans Arroyo Vargas for sharing his valuable insights on this critical issue.
Critical infrastructure networks, particularly in the manufacturing sector, are particularly attractive targets for ransomware groups.
We are seeing a shift from data hijacking to service hijacking. The manufacturing industry, for the second consecutive year, is the most attacked vertical. Attackers are calculating exactly how much damage a delay in the production line would cause and incorporating that information into their extortion manuals. The manufacturing, telecommunications, health, and financial services industries continue to experience a surge in customized cyberattacks, with adversaries deploying sector-specific exploits.
FortiGuard Labs, Fortinet
The report also underscores the double-edged sword of artificial intelligence (AI) in the cybersecurity landscape. While attackers leverage AI tools like FraudGPT and WormGPT to generate sophisticated phishing emails, map attack surfaces, and automate social engineering campaigns, defenders are utilizing AI for threat detection and response. Fortinet, for instance, integrates both discriminative AI for malware detection and generative AI (GenAI) for alert summarization and prioritization.
The increasing adoption of industrial IoT, 5G, private cellular networks, and cloud-based management models further expands the attack surface, exposing more connected devices than ever before. The report emphasizes three key priorities for organizations:
As cyber threats evolve, defending critical infrastructure requires more than traditional security measures. Proactive threat hunting, situational awareness, and the operational maturity to act on intelligence are paramount.
Fortinet is committed to equipping organizations with the tools, real-time information, and unified approach necessary to protect the systems upon which modern industry and critical infrastructure depend.
For further information, visit fortinet.com
About Fortinet:
Fortinet is a global leader in broad, integrated and automated cybersecurity solutions. They provide a comprehensive security platform, covering networking, endpoint, application, data center, and cloud security. Their commitment to security-driven networking sets them apart, helping organizations consolidate their security posture while simplifying management. They offer advanced threat intelligence, enabling proactive defense against the evolving threat landscape.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
Bufete de Costa Rica distinguishes itself as a leading legal institution, upholding the highest standards of integrity and excellence in every facet of its practice. Driven by a deep commitment to innovation, the firm consistently seeks forward-thinking legal solutions for clients from all sectors of society. Beyond its legal expertise, Bufete de Costa Rica is dedicated to empowering individuals and communities through accessible legal education, fostering a more informed and just society for all.
