In 2020, a virus on Facebook Messenger compromised thousands of accounts in a matter of hours. In 2026, the threats are incomparably more sophisticated. Here’s how the landscape has evolved and how Keptos your business.
In 2020, a curious—and alarming—phenomenon spread through Facebook Messenger: thousands of users received messages from their own contacts containing a link to a supposedly compromising video or photo. When they clicked on the link, their accounts were hijacked, and the malware was automatically forwarded to all of the victim’s contacts. Within hours, the virus had multiplied by the millions.
Today, that attack seems almost quaint compared to what companies are facing in 2026. Keptos supported dozens of international organizations throughout that transformation—and in this article, we explain exactly how the landscape has evolved and what we’re doing today to keep our clients safe.
The success of the Messenger virus was not due to its technical sophistication, but to something much more fundamental: trust. A message from a friend or colleague piqued curiosity without arousing suspicion. The attack exploited human psychology, not a software flaw.
At the time, this incident served as a turning point for many IT departments. However, most companies responded by installing more antivirus software or blocking certain URLs, without addressing the underlying problem: employees were not prepared to recognize a social engineering attempt.
That gap remains one of the main causes of security breaches in 2026.
If the Messenger virus was a shotgun, today's cyberthreats are precision-guided missiles. The most significant changes:
Ransomware groups have refined their model. Today, they conduct weeks of preliminary reconnaissance before carrying out the encryption, exfiltrate data before locking down systems, and threaten to publish it if the ransom isn’t paid. The average impact of an attack on a medium-sized company exceeds one million dollars in direct and indirect costs. Subsidiaries of multinational corporations are particularly attractive targets: they have resources, but often have less stringent security coordination than headquarters .
Phishing emails in 2020 were easy to spot: grammatical errors, suspicious domains, generic messages. Those in 2026 are a different story. Generative AI makes it possible to create perfectly crafted messages in the recipient’s native language, mimicking the tone and style of the legitimate sender, with references to real projects or conversations extracted from social media or previous leaks. Distinguishing them at a glance is virtually impossible without specific training.
Corporate email fraud has become one of the most costly sources of financial loss for companies. The attacker compromises the account of a supplier or executive, monitors communications for weeks, and, just when a legitimate transfer is expected, intervenes to divert the funds. In companies with subsidiaries in multiple countries—such as many of those that work with Keptoscoordination between offices can become a vulnerability if there is no robust verification protocol in place.
It is no longer necessary to attack the target company directly. All it takes is compromising one of its software, cloud services, or IT maintenance providers. The SolarWinds attack served as a warning. Since then, dozens of medium-sized companies have suffered breaches through seemingly trustworthy third-party tools. Today, the security perimeter includes all providers that have access to your systems.
Keptos managing IT infrastructure Keptos 30 years. During that time, we have seen technological trends come and go, economic crises, and threats of all shapes and sizes. What the Messenger virus, the rise of ransomware, and the proliferation of AI-powered phishing have taught us is that security isn’t a product you install—it’s an ongoing practice.
That is why we have radically transformed our offerings over the past five years:
If you manage a European subsidiary in Mexico, if you operate in regulated sectors such as the pharmaceutical industry, or if your organization handles sensitive international data, the level of threat to which you are exposed is significantly higher than that of the average domestic company.
Attackers know that subsidiaries of multinational headquarters often have resources, poor coordination with headquarters and security standards that are not always properly implemented from Europe. This combination makes them prime targets.
Keptos precisely to bridge that gap. Since our founding in 1996, we have worked with organizations that operate across two or more regulatory frameworks, two or more corporate cultures, and two or more languages. We know how to build secure environments that work within that specific context.
If the memory of that Messenger virus makes you concerned about your organization's current security posture, now is the best time to review it.
30 minutes with one of our directors. No sales pitch—straight to the point.