Long gone are the days when all hackers – and Bond villains for that matter – hailed from Russia and China. While both countries continue to have their fair share of cyber threats, many others have joined their ranks, not the least of which is the largest country by geography, population and economy in South America: Brazil. Thanks to a recent uptick in the volume and severity of cyber crime, cyber security experts now know the nation of 200 million people for more than its bossa nova, caipirinhas and soccer aficionados.
A first-time, in-depth look at Brazilian cyber crime
About a year ago, Trend Micro released a white paper titled "The Brazilian Underground Market: The Market for Cybercriminal Wannabes?." The report zeroed in on the nature of cyber crime in Brazil, finding, among other things, that cyber attackers in the region were comfortable operating out in the open relative to hackers in Russia and other parts of the world, where cyber crooks tend to offer their services and products in deeper, more clandestine corners of the Web.
Social media, for example, became a popular venue for committing fraud, a fact that also makes sense given Brazil's prolific culture of online socializing over the past few years (In 2013, The Wall Street Journal referred to Brazil as "The social media capital of the universe"). Trend Micro noted, "Even though the platforms they use such as Facebook, YouTube, Twitter, Skype, and WhatsApp seem more traceable, they appear more effective."
More significantly, the report found that one of the unique characteristics of Brazil's cyber criminal underground was its propensity to market hacking tool kits – and even cyber attack training – to what Trend Micro threat researcher Fernando Mercês referred to as "cyber criminal wannabes." These cyber crime bundles were inclusive of banking Trojans, business application account credentials, online service account credential checkers, phishing pages, phone number lists and more. Training services for aspiring cyber criminals included fully undetectable (FUD) crypter programming, training videos and even support services for hackers via Skype.
A continuation of trends – for the most part
Since Trend Micro's first in-depth look at Brazil's cyber criminal underground, progression has continued apace. For the most part, there have not been any extraordinary surprises. Nevertheless, there were a few important trends worth revisiting. Let's review:
Still operating out in the open: Firstly, Trend Micro's most recent research about the Brazilian underground found that cyber crime tools and services are still hot-selling items and fraud continues to occur fairly out in the open – for example, on easily accessible public forums and applications. Trend Micro notes that this may be a reflection of the country's attitudes toward law enforcement, which is pretty dismissive. Cyber crime is a fairly new medium for mayhem and law enforcement's ability to handle the escalating problem remains questionable. For this reason, there is very little need for a Deep Web at the moment. Virtual crime – at least until the need to mask larger money transfers arises – can continue happening with relative transparency.
Banking is still the main target: Trend Micro's report also noted a general increase in the number of tools used to conceal illicit activities, as well as a continuation in the buying and selling of malicious programs. Again, this is not altogether shocking. Interestingly, the report did note that banking continues to be a high-profile target for many hackers. One of the reasons for this, according to Trend Micro, is that like social media, Brazil is one of the leading users in the world of online banking.
"More than 40 percent of Brazil's population banked online as of 2014," the report notes. "Brazilians would rather use their computers or smartphones to check their account balances online more than physically go to their bank branches or call designated hotlines."
As a result of this fact, most of the world's banking malware currently in existence has ties to, or has been made in, Brazil.
The birth of ransomware: One of the most significant advancements in the Brazilian underground over the past year is the rise of ransomware. Again, this was an inevitability given the progression of hackers there – especially considering Brazilian cyber criminals' somewhat unique approach to hacker education.
"In one ad, a seller even noted that the piece of FileCrypter ransomware includes a full panel showing the number of devices it infected, details on the users who paid the ransom, and the total amount he has received as payment so far," Trend Micro notes in its report. "Paying the ransom doesn't ensure that those who gave in won't be targeted again, given that the cyber criminals knew they have the capacity to pay."
At first glance, the progression of the Brazilian underground over the past year may seem relatively unremarkable. However, there is one very disconcerting fear that arises from Trend Micro's findings, and that's the fact that hacker activity is occurring so transparently. If the underground is allowed to grow in an uninhibited manner – as it currently is – law enforcement may fall behind in its efforts to mitigate cyber threats and cyber crime will become increasingly difficult to manage.
Not to mention, as hackers become more confident, they may become more ambitious too, and that will not bode well for anyone, including organizations in countries outside of Brazil. This is a problem that may be augmented by the Summer Olympics, which are taking place in Rio later this year and are expected to draw in thousands of multinational sponsors and millions of visitors from all over the world. If nothing else, Trend Micro's findings highlight the urgency of improved cyber security in Brazil.