Beaches, carnivals and cybercrime: Kaspersky Lab shares insights on Brazilian cyber underground
Unique local cyberattacks and international cooperation with criminal groups in Eastern Europe, unsound government security and vague legislation, theft of money and private data, direct offensive ops on local victims and criminal-to-criminal services
Unique local cyberattacks and international cooperation with criminal groups in Eastern Europe, unsound government security and vague legislation, theft of money and private data, direct offensive ops on local victims and criminal-to-criminal services. For the first time Kaspersky Lab shares its intelligence on the human side of underground cybercriminal activity. The first report in the Cyber Underground series reveals the hidden life of cybercriminals in Brazil, a country ranked among the most dangerous for digital citizens.
Biting the hand that feeds
Unlike cybercriminals in other countries, who in general do not respect borders and operate globally, Brazilian cybercriminals are focused on ripping off their own fellow countrymen and local businesses. One of the reasons is vague legislation, resulting in fewer arrests for cybercrimes: the report cites a few examples when exposed criminals ended up spending little to no time in jail. Perceived impunity leads to cybercrime operating almost in the open. In other words, the cyber underground research in Brazil does not demand a lot of digging: criminals are mostly selling their goods and tools like a legitimate business, flashy landing pages and social network promotion included.
Expanding overseas
Operating locally does not mean that cybercriminals are not interacting with their counterparts in other countries. The report reveals how Brazilian criminals reach out to their colleagues in Eastern Europe. They share know-how, exchange favors and purchase services like bullet-proof web hosting. There is sufficient evidence that Brazilian criminals are cooperating with the Eastern European gangs involved with ZeuS, SpyEye and other banking Trojans created in the region.
Monitoring such activity around the world allows Kaspersky Lab to foresee the emergence of a certain cyber-attack and fine-tune protection methods, based on the knowledge obtained in another region.
Local peculiarities
Regional specifics is key to better understanding the threat landscape, and the Brazilian Cyber Underground report proves that. One of the most striking examples is the attack on boletos – banking documents specific to Brazil, used both online and offline to transfer money and pay for the goods. Boletos are part of online-offline system where one generates a payment order on a computer, but then prints it on paper and goes to the brick-and-mortar institution to proceed with the transaction. Boletos rely on barcodes, and cybercriminals have found a way to manipulate them to redirect money transfer to a different account.
In 2014 Brazil was ranked the most dangerous country for financial cyber-attacks. The constant monitoring of Brazilian cybercriminals’ malicious activities provides IT security companies with a good opportunity to discover new attacks related to financial malware.
Privacy issues and government security
Another notable weakness of Brazilian cyber environment is security of government and corporate IT resources. The report provides quite shocking examples, such as a seriously flawed government online resource leaving sensitive data about almost every Brazilian citizen in the open. Cybercriminals are also selling access to statewide data brokers, containing loads of private data, for a mere few dollars. In addition, an attack on a state IT resource, has directly led to further elimination of the Amazon rainforest.
Criminal-to-criminal
The report explores in-depth the business-to-business operations of the Brazilian cyber underground, when different groups cooperate and share their own part of intelligence or technology with each other. The so-called criminal-to-criminal ops are highly developed and widespread: a criminal is granted access to almost any service one can imagine, from illegal access to private data, to made-to-order development of malware. A ransomware toolkit costs only US$30, a keylogger is ten times more expensive.
Intelligence is the key
“One could imagine the work of Kaspersky Lab’s security experts as day-after-day crunching of malicious code. And this perception is quite true, but the expertise in social and business side of the cyber underground is also important. This report shows some examples of this intelligence that helps us to fine-tune the protection for our customers and develop new security technology. In Brazil, like in almost all other countries, we know the agenda of cybercriminals; their current heists and future plans. Combining this knowledge with deep technical expertise of cyber threats, we are able to fight the cybercrime even more efficiently. At the same time, when you look at the Brazilian cyber environment, you see that even the greatest effort from a security company is not enough. The solution to a safer cyberspace is intelligence sharing and cooperation between the security industry, businesses and government, including law enforcement”, commented Fabio Assolini, senior security researcher at Kaspersky Lab’s Global Research & Analysis Team.
Kaspersky Lab’s Cyber Underground report on Brazil is available at Securelist.com. To download the PDF version of the report click here.
Beaches, carnivals and cybercrime: Kaspersky Lab shares insights on Brazilian cyber underground
Kaspersky
Related Articles Virus News
Turkey, Russia, Southeast Asia and Latin America hit by Android threats, Kaspersky identifies
Three new dangerous Android malware variants have been analyzed by Kaspersky researchers. The Tambir, Dwphon, and Gigabud malicious programs exhibit diverse features, ranging from downloading other programs and credential theft to bypassing two-factor authentication (2FA) and screen recording, jeopardizing user privacy and security.Read More >Targeted ransomware groups have grown in numbers and sophistication, say Kaspersky experts
An in-depth research by Kaspersky experts shows a surge in the number of targeted ransomware groups globally by 30% from 2022 to 2023. In parallel to this increase, the number of victims of targeted ransomware attacks spiked by 70% within the same time period. These insights were shared at Kaspersky’s ninth annual Cyber Security Weekend – META, which took place in Kuala Lumpur.Read More >‘Coyote’ ugly: Kaspersky unveils banking trojan targeting over 60 institutions
A new sophisticated banking Trojan that steals sensitive financial information and introduces advanced tactics to avoid detection has been discovered by Kaspersky's Global Research and Analysis Team (GReAT). Dubbed 'Coyote,' this malware relies on the Squirrel installer for distribution, its name drawing inspiration from coyotes, the natural predators of squirrels.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.