Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Newest First  |  Oldest First  |  Threaded View
iCyberFighter
50%
50%
iCyberFighter,
User Rank: Apprentice
5/20/2015 | 3:23:35 AM
Bad economy, cybercrime and law enforcement
While it is true that a harsh economical situation in any country may push people to crime, and to cybercrime, it does not mean that criminals can behave as if there was nothing to fear. If we take Russia for example, as one of the biggest cybercrime hubs in the world, we see a bad economy which makes cybercrime look lucrative, and many people engage in it. What we do not see in Russia, is cybercriminals in the open, wheeling & dealing fraud as if it was not a big deal. On the contrary, Eastern European cybercriminals take stealth very seriously. Where we see criminals completely undermine their idenetiy is in Brazil, and that's most likely because the legal reprecussions are just not severe enough to deter people from engaging in that sort of crime -- yet. I am sure that laws will be stepped up and once policing becomes tighter, cybercriminality in the country will see a meaningful decline.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:16:29 PM
What is the impact?
They do not have to use a well-known malware for sure to have results, at the same time I wonder how much impact they are really having with these lesser known malwares.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:10:00 PM
Re: Remembering Boleto and Brazilian Bank Fraud
My second though would be people could not find a proper job to do so they with alternative ways of making quick money, which may very well be a cyber-attack post :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:06:01 PM
Re: Remembering Boleto and Brazilian Bank Fraud
I guess the reason that Brazil is not commonly listed because they are mainly victims of attacks, not initiators. You need somewhat high tech to execute an attack that delivers results.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:02:43 PM
Underground or not?
I think part of it is the current economy of the Brazil. It does not have to be underground, it may be daytime normal process when the economic could not substance itself it you as an individual or private company or a governmental department start making your list with prioritization: are you going to have dinner tonight or secure your computer from cyber threats? There is no real choice. 
iCyberFighter
100%
0%
iCyberFighter,
User Rank: Apprentice
5/18/2015 | 7:28:43 AM
Re: Remembering Boleto and Brazilian Bank Fraud
Thank you for the positive comment, and I do agree! There is a lot to cover when it comes to Latin America cybercrime and Brazilian online crime in particular. Will definitely bring more on that as it emerges. I have recently blogged about a Brazilian browser overlay Trojan named Pezao. The blog can be accessed on IBM's Security Intelligence blog portal. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/15/2015 | 2:43:23 PM
Re: Remembering Boleto and Brazilian Bank Fraud
Yes, it was a surprise to me to find out that cybercrime is alive and well (and toppoing the charts) in Brazil.  Fascinating, really! Glad you liked the info, @Christian Bryant.
RetiredUser
100%
0%
RetiredUser,
User Rank: Ninja
5/15/2015 | 12:51:48 PM
Remembering Boleto and Brazilian Bank Fraud
I remember last year reading about the Boleto fraud ring and the details of that operation spanning from malware, to social engineering and even murder (cited in one article but not clear whether this was confirmed).  This organization is not only the real deal, but also scary in the sense that they are taking cybercrime to a whole new level and presenting a palette from which American cybercriminals might be tempted to paint.

Please keep these updates on Brazil coming, as I think we are used to seeing China, Russia, Korea and other "Top 10" sources of cybercrime in the news, but Brazil is not always there in the mix and it shoudl be.  I know mapping cybercrime in South/Latin America is a challenge based upon several papers I've read recently on the topic.  Crime has a different lifecycle there than in some countries, and the number of users in these countries connecting to the Internet is skyrocketing.

Excellent article - let's see some more along these lines, particularly that cover initiatives South/Latin American governments are kicking off to stop cybercrime and more profiles on the criminals and their organizations that make up that ecosystem.


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31618
PUBLISHED: 2021-06-15
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why...
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...