Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/15/2015
11:30 AM
Limor S Kessem
Limor S Kessem
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals

Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.

Just about a decade ago, bringing up Brazil would make most people draw up an associative mental image of colorful festivities in a city where Christ the Redeemer spreads his arms over densely populated favelas and beaches.

Today, Brazil also happens to be the second-largest cybercrime generator in the world, ranking No. 1 in Latin America and the Caribbean as both a source and target of online attacks. Malware and online fraud patterns in Brazil are developed and used by local cybercriminals and gangs who specialize in targeting its payment and services schemes.

In numbers, Brazil loses over $8 billion a year to Internet crime, which is the No. 1 economic crime in the country, compared to the rest of the world, where cybercrime is ranked fourth.

With about 54% of the country's 200 million citizens already using the Internet, cybercrime is a lucrative endeavor for small-timers, nouveau cybergangs and mafia bosses diversifying their portfolio.

One indication for cybercrime success rates comes from Febraban, the Brazilian Banking Federation, which says cybercrime causes 95% of losses for Brazilian banks. The facilitator of this crime is the unique Brazilian underground black market, which surpasses the Russian-speaking underground in both size and activity. Criminals in this bustling Wild West aren't considered sophisticated in technical terms, not versed in the art of online stealth, and apparently not even trying to hide in underground venues. As a matter of fact, their favorite is social networking sites.

It makes one wonder – what’s going on in Brazil that's different from the rest of the world? What makes cybercriminals in this one country be so brazen and successful all while using use very basic malware and stealth capabilities? There are a few factors that help them along:

  • Unwitting Victims: A very large online population, most recently started using the Internet and online services – with low or nonexistent levels of security awareness.
  • Special Security Needs: It is simple to target payment schemes and anti-fraud solutions that are not adapted to the specific cybercrime in the country.
  • Weak Deterrence Factor: The country has weak cybercrime laws with slap-on-the-hand-level punishments.

Homegrown and Locally Served
On top of having their own turf to experiment on, Brazil's cybercriminals entered the online crime world a little after their Russian- and English-speaking counterparts already founded a vivid black market for cybercrime services and commodities. That lowered the entry barriers and sharpened the learning curve for local cybercriminals who use the knowledge to attack local banks, payments, and online services.

Almost all malware used in Brazil is made for local attacks. If you’re asking yourself why Brazilian cybercriminals rarely use advanced malware such as Zeus, Cridex or Dyre, the answer is simple — why shoot a fly with a cannonball?

So, while the scope of services Brazilians receive online are equal in their quality and diversity to the ones offered in North America and Europe, the territory lags behind in terms of security. This in turns raises crime rates, but it’s not the only factor. The biggest issue is that criminals are not afraid enough of the potential retribution to give it a go… or a hundred.

Underground? What Underground?
In a rather glaring difference from what one would see in the typical English- or Russian-speaking underground, where stealth and anonymity are of paramount importance, cybercriminals in Brazil hang out in the open. In many ways, cybercrime in Brazil is handled like social networking: in public social networking groups, and even in person.

If not for a lack of legal deterrence, why would criminals communicate where they can easily be tracked by law enforcement, down to their exact location, including transcripts of every word they ever exchanged with their peers, just in case supportive evidence was needed? Let’s have a quick look at the legal situation.

No Laws But Their Own
According to the Business Software Alliance, existing criminal laws in Brazil are out of compliance with international standards for digital crime. The Brazilian Chamber of Deputies has only ever approved two cybercrime bills, passed in November 2012, threatening delinquents with fines and up to two years in prison. Almost laughable considering the potential profits gangs can earn within that same time frame can reach $3.75 billion.

There are 40 additional bills related to fighting cybercrime awaiting approval in the Brazilian Congress, which only proves how wide the gap is between the need for deterrence and the available response from a government that is perhaps ill-prepared to deal with a very large and rapidly evolving cyber landscape.

Time is of the Essence
The growth of the cybersphere in Brazil is fast and exponential, and with it, local online crime keeps expanding. A country known for its traditionally high crime rates, time is truly of the essence for Brazil to rise against the hike in virtual crimes, before things get worse.

It is important to note that although it is now dealing with large volumes of small time cybercrime, Brazil may still be in the midst of a grace period of sorts. While local criminals defraud Boleto payments one at a time, organized cybercrime from Eastern Europe can easily shift its focus to the Brazilian Real, and hit with a major heist the like of the Carbanak operation.

The good news is that fighting criminals who do not even hide is going to make life easier for law enforcement. But it will take new laws to bring suspects to justice, and more serious implications for perpetrators to shy away from cybercrime.

Will this not just make Brazilian criminals step up their sophistication levels? Maybe, but it will sharply dwindle volumes, shutting out the actors that lack deep technical savvy or the understanding of advanced threat detection.

Approving new laws, growing and empowering e-crime police forces, and bringing criminals to justice, are of the utmost importance in this battle. These measure must come in lockstep with the enhancement of technology-based deterrents across all financial service channels, and must be based on very minute adaptation to Brazilian cybercrime.

 

Limor Kessem is one of the top cyber intelligence experts at IBM Trusteer. She is a seasoned speaker and a regular blogger on the cutting-edge IBM Security Intelligence blog. Limor comes to IBM from organizations like RSA Security, where she spent 5 years as part of the RSA ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
iCyberFighter
50%
50%
iCyberFighter,
User Rank: Apprentice
5/20/2015 | 3:23:35 AM
Bad economy, cybercrime and law enforcement
While it is true that a harsh economical situation in any country may push people to crime, and to cybercrime, it does not mean that criminals can behave as if there was nothing to fear. If we take Russia for example, as one of the biggest cybercrime hubs in the world, we see a bad economy which makes cybercrime look lucrative, and many people engage in it. What we do not see in Russia, is cybercriminals in the open, wheeling & dealing fraud as if it was not a big deal. On the contrary, Eastern European cybercriminals take stealth very seriously. Where we see criminals completely undermine their idenetiy is in Brazil, and that's most likely because the legal reprecussions are just not severe enough to deter people from engaging in that sort of crime -- yet. I am sure that laws will be stepped up and once policing becomes tighter, cybercriminality in the country will see a meaningful decline.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:16:29 PM
What is the impact?
They do not have to use a well-known malware for sure to have results, at the same time I wonder how much impact they are really having with these lesser known malwares.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:10:00 PM
Re: Remembering Boleto and Brazilian Bank Fraud
My second though would be people could not find a proper job to do so they with alternative ways of making quick money, which may very well be a cyber-attack post :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:06:01 PM
Re: Remembering Boleto and Brazilian Bank Fraud
I guess the reason that Brazil is not commonly listed because they are mainly victims of attacks, not initiators. You need somewhat high tech to execute an attack that delivers results.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/18/2015 | 3:02:43 PM
Underground or not?
I think part of it is the current economy of the Brazil. It does not have to be underground, it may be daytime normal process when the economic could not substance itself it you as an individual or private company or a governmental department start making your list with prioritization: are you going to have dinner tonight or secure your computer from cyber threats? There is no real choice. 
iCyberFighter
100%
0%
iCyberFighter,
User Rank: Apprentice
5/18/2015 | 7:28:43 AM
Re: Remembering Boleto and Brazilian Bank Fraud
Thank you for the positive comment, and I do agree! There is a lot to cover when it comes to Latin America cybercrime and Brazilian online crime in particular. Will definitely bring more on that as it emerges. I have recently blogged about a Brazilian browser overlay Trojan named Pezao. The blog can be accessed on IBM's Security Intelligence blog portal. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/15/2015 | 2:43:23 PM
Re: Remembering Boleto and Brazilian Bank Fraud
Yes, it was a surprise to me to find out that cybercrime is alive and well (and toppoing the charts) in Brazil.  Fascinating, really! Glad you liked the info, @Christian Bryant.
Christian Bryant
100%
0%
Christian Bryant,
User Rank: Ninja
5/15/2015 | 12:51:48 PM
Remembering Boleto and Brazilian Bank Fraud
I remember last year reading about the Boleto fraud ring and the details of that operation spanning from malware, to social engineering and even murder (cited in one article but not clear whether this was confirmed).  This organization is not only the real deal, but also scary in the sense that they are taking cybercrime to a whole new level and presenting a palette from which American cybercriminals might be tempted to paint.

Please keep these updates on Brazil coming, as I think we are used to seeing China, Russia, Korea and other "Top 10" sources of cybercrime in the news, but Brazil is not always there in the mix and it shoudl be.  I know mapping cybercrime in South/Latin America is a challenge based upon several papers I've read recently on the topic.  Crime has a different lifecycle there than in some countries, and the number of users in these countries connecting to the Internet is skyrocketing.

Excellent article - let's see some more along these lines, particularly that cover initiatives South/Latin American governments are kicking off to stop cybercrime and more profiles on the criminals and their organizations that make up that ecosystem.
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12960
PUBLISHED: 2019-06-25
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
CVE-2019-12961
PUBLISHED: 2019-06-25
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
CVE-2019-12962
PUBLISHED: 2019-06-25
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
CVE-2019-12963
PUBLISHED: 2019-06-25
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
CVE-2019-12964
PUBLISHED: 2019-06-25
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.