The Latest in IT Security

Brazil Fights Old Malware, Spam, and Underground Market Growth


As globalization drives Brazilian industries forward, it also invites threats that aim on the weaknesses of growing market economies. Financial crimes have always topped the list of cyber security issues in Brazil, but as the country’s economy grows more people are exposed to the perks and problems of the latest computing technologies.

The recent Trend Micro paper “Brazil, Cybersecurity Challenges Faced by a Fast-Growing Market Economy” reveals that the country underwent a dramatic increase in cybercrime. Brazil has one of the fastest growing Internet user bases in the world-both a blessing and a curse when it comes to cyber security. The more Brazilians are able to access the Internet, the larger the cybercriminal market base becomes. With most displaying poor Internet usage habits, the Brazilian online market becomes a harvesting spot for cybercriminals.

The report discussed how this phenomenon has already gained ground by way of unpatched systems and old malware tricks. One major indicator of this is the major presence of the Conficker/DOWNAD malware, which underscores concerns surrounding users who overlook critical basic cyber security practices. As patches needed to remove Conficker/DOWNAD have been available for more than four years now, its presence indicates widespread failure to follow best practices on software patching, including running security software and updating it.

Brazil’s cybercrime landscape is partly a result of unsafe web practices and a thriving underground market. Today, Brazil sends out the most number of spammed messages in Latin America. Almost two out of five (38%) malicious emails from the region comes from Brazil. In addition, majority (58%) of malicious URLs are also hosted in Brazil. The country is also known as an active ground for command-and-control (C&C) servers and compromised computers that take part in large data-stealing botnet operations.

Figure 1. Heat Map of Latin American spam-sending country share breakdown, based on spam-sending IPs

The underground cybercriminal operations in Brazil revolve around gaining financial and personally identifiable information (PII) for profit. Their hacker forums are rife with exchanges for credit card information, virtual private server (VPS) hosting services, phishing kits, and others. For instance, the report reveals that information from ten credit cards amount to an average of R$700.

Online banking theft is especially rampant in the country, whose history of hyperinflation has once led to an early adoption of online financial systems and a large online banking community. In Brazil, cybercriminals prefer using the BANCOS online banking malware strain over ZeuS and other popular crimeware kits.

The emergence of the sophisticated crimeware kit, Picebot, has also revealed that cross-regional underground activities actively happen between hackers in Brazil-the start of a more mature and structured underground ecosystem.

Cybercriminals in Brazil are also known to add a local flavor to their data-stealing methods. These include using the local language in social scams, Orkut as an underground forum, and the Brazilian “Boleto” payment scheme as a money-making target.

Figure 2. Sample boleto used for financial transactions in Brazil. Highlighted sections show codes usually stolen/faked by cybercriminals

Cyber Security Steps in Progress

These risks to individuals, companies, governments, and information and communication technology (ICT) systems, have caused the Brazilian government to take action. The National Strategy of Defense was established in 2008 to protect public administration networks. Two laws, the Azeredo and Carolina Dieckman, were passed to establish police structure against cybercrime and criminalize unauthorized access to sensitive information, respectively. Numerous government research and incident groups were also created for cyber security infrastructure development and incident investigations.

As we broadly saw within the Latin American Region in “Latin American and Caribbean Cybersecurity Trends and Government Responses,” successfully meeting the challenges in Brazil requires political will, law enforcement resources, and a robust, ongoing public-private partnership (PPP) with Internet service providers (ISPs), security companies, and hardware and software vendors.

Find out more about the threat landscape in Brazil on our paper “Brazil, Cybersecurity Challenges Faced by a Fast-Growing Market Economy.

For more information on the state of cybersecurity in Latin America, you may refer to our research paper (in cooperation with the Organization of American States) Latin American and Caribbean Cybersecurity Trends and Government Responses.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments