Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Newest First  |  Oldest First  |  Threaded View
iCyberFighter
50%
50%
iCyberFighter,
User Rank: Apprentice
5/20/2015 | 3:23:35 AM
Bad economy, cybercrime and law enforcement
While it is true that a harsh economical situation in any country may push people to crime, and to cybercrime, it does not mean that criminals can behave as if there was nothing to fear. If we take Russia for example, as one of the biggest cybercrime hubs in the world, we see a bad economy which makes cybercrime look lucrative, and many people engage in it. What we do not see in Russia, is cybercriminals in the open, wheeling & dealing fraud as if it was not a big deal. On the contrary, Eastern European cybercriminals take stealth very seriously. Where we see criminals completely undermine their idenetiy is in Brazil, and that's most likely because the legal reprecussions are just not severe enough to deter people from engaging in that sort of crime -- yet. I am sure that laws will be stepped up and once policing becomes tighter, cybercriminality in the country will see a meaningful decline.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:16:29 PM
What is the impact?
They do not have to use a well-known malware for sure to have results, at the same time I wonder how much impact they are really having with these lesser known malwares.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:10:00 PM
Re: Remembering Boleto and Brazilian Bank Fraud
My second though would be people could not find a proper job to do so they with alternative ways of making quick money, which may very well be a cyber-attack post :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:06:01 PM
Re: Remembering Boleto and Brazilian Bank Fraud
I guess the reason that Brazil is not commonly listed because they are mainly victims of attacks, not initiators. You need somewhat high tech to execute an attack that delivers results.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:02:43 PM
Underground or not?
I think part of it is the current economy of the Brazil. It does not have to be underground, it may be daytime normal process when the economic could not substance itself it you as an individual or private company or a governmental department start making your list with prioritization: are you going to have dinner tonight or secure your computer from cyber threats? There is no real choice. 
iCyberFighter
100%
0%
iCyberFighter,
User Rank: Apprentice
5/18/2015 | 7:28:43 AM
Re: Remembering Boleto and Brazilian Bank Fraud
Thank you for the positive comment, and I do agree! There is a lot to cover when it comes to Latin America cybercrime and Brazilian online crime in particular. Will definitely bring more on that as it emerges. I have recently blogged about a Brazilian browser overlay Trojan named Pezao. The blog can be accessed on IBM's Security Intelligence blog portal. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/15/2015 | 2:43:23 PM
Re: Remembering Boleto and Brazilian Bank Fraud
Yes, it was a surprise to me to find out that cybercrime is alive and well (and toppoing the charts) in Brazil.  Fascinating, really! Glad you liked the info, @Christian Bryant.
RetiredUser
100%
0%
RetiredUser,
User Rank: Ninja
5/15/2015 | 12:51:48 PM
Remembering Boleto and Brazilian Bank Fraud
I remember last year reading about the Boleto fraud ring and the details of that operation spanning from malware, to social engineering and even murder (cited in one article but not clear whether this was confirmed).  This organization is not only the real deal, but also scary in the sense that they are taking cybercrime to a whole new level and presenting a palette from which American cybercriminals might be tempted to paint.

Please keep these updates on Brazil coming, as I think we are used to seeing China, Russia, Korea and other "Top 10" sources of cybercrime in the news, but Brazil is not always there in the mix and it shoudl be.  I know mapping cybercrime in South/Latin America is a challenge based upon several papers I've read recently on the topic.  Crime has a different lifecycle there than in some countries, and the number of users in these countries connecting to the Internet is skyrocketing.

Excellent article - let's see some more along these lines, particularly that cover initiatives South/Latin American governments are kicking off to stop cybercrime and more profiles on the criminals and their organizations that make up that ecosystem.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23416
PUBLISHED: 2021-07-28
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
CVE-2021-23417
PUBLISHED: 2021-07-28
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
CVE-2021-23415
PUBLISHED: 2021-07-28
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.
CVE-2020-4974
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2020-5004
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.