Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America.
The IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-Force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that X-Force responded to, followed by Colombia with 17% and Mexico with 8%. Peru and Chile split the remaining 8% of incidents.
In the face of rising incident volumes, the cybersecurity professional shortage is still a serious issue. According to the (ISC)2 Cybersecurity Workforce Study 2022, 3.4 million trained cybersecurity professionals are needed worldwide to deal with all of the cybersecurity attacks and help organizations minimize the impact of cybersecurity breaches.
As the talent shortage continues and threat actors refine their methods, cybersecurity professionals rely on a wide range of tools to stay ahead. There are paid commercial tools and free, open-source tools, forming a varied ecosystem of utilities written in different programming languages (Python, Perl, Bash, PowerShell, etc.). These tools automate the preservation and analysis of artifacts relevant to forensic analysis and incident response, such as random-access memory (RAM), event logs, network connections, browsing histories, cache and more.
One such tool is Tequila OS 2.0.
What is Tequila OS 2.0?
Students from the National Autonomous University of Mexico developed Tequila OS 2.0, the first Linux distribution in Latin America, specializing in performing forensic analysis in Spanish.
Tequila OS 2.0 is based on GNU/Linux and is easy to use. All users have to do is download the file with an ISO extension, create the virtual machine and run it. Alternatively, the user can download the files to run directly in a virtualization tool and enter the following credentials:
- Username: “forense”
- Password: “unam”
Once the user is authenticated, the Tequila OS 2.0 desktop displays the following screen:
Image 2: Tequila OS 2.0 desktop
Tequila OS 2.0 Forensic Analysis Tools
Tequila OS 2.0 contains different tools that can perform forensic analysis and incident response, which are found in the “/Forense/” folder.
Image 3: Tequila OS 2.0 distribution tools
The tools are classified into different folders, each containing software such as Autopsy Forensic, Foremost, MyRescue, PhotoRec, Volatility, Exiftool, Metacam, Wireshark, Ghex, Galleta, Hashcat, ClamAV, Yara, Ophcrack, John and Veracrypt, to name a few.
The main advantages of using Tequila OS 2.0 are:
- Number of tools: Tequila OS 2.0 has around 60 tools for analysis and response to cybersecurity incidents.
- Constant updates: The developers offer regular updates free of charge.
- Automatic mounting: One-click mounting and unmounting of storage media are quick and easy.
- Manuals in Spanish: Within the distribution itself, manuals in Spanish provide useful guides for all the tools.
- Minimum memory requirement: Tequila OS 2.0 requires less than 1 GB of RAM to run.
- Compatibility: Tequila OS 2.0 is compatible with any virtualization software.
As part of the Tequila project, an additional set of tools called Agave performs incident response in a Windows operating environment. To learn more about Agave and its incident response capabilities, check back for our future articles digging into its exciting potential.
Tequila OS 2.0 has proven to be the only one of its kind in Latin America, as it is primarily focused on cybersecurity incident response activities. Over the course of its evolution, Tequila OS 2.0 has gained higher stability than its predecessor, a more intuitive user interface, optimized performance, manuals in Spanish and more than 60 tools for cybersecurity incident response analysis, and it is compatible with any virtualization tool. These aspects make Tequila OS 2.0 an attractive Linux operating system option for all types of users in Latin America and the world.
Security Services Managing Consultant, IBM X-Force IR