Last updated: 8 April 2015
Year on year more Brazilians are becoming victims of cybercrimes, as these threats become more versatile and capable of reaching a wide scope of devices.
Year on year more Brazilians are becoming victims of cybercrimes, as these threats become more versatile and capable of reaching a wide scope of devices. In this article we will highlight the largest cybercrime threats in Brazil.
Brazilians Online Behaviour and Vulnerabilities
Over the last few years, a large number of Brazilians have gained access to computers, mobile devices and home internet connections, with both government and private sectors contributing to make these technologies more affordable and available to the population.
While this is undoubtedly good news for the country in general, it also means that many Brazilians are connecting to online environments and services for the first time, and in most cases not taking the necessary measures to ensure the protection of personal and sensitive data.
An overall disregard for online security seems to be part of the Brazilian users culture, as research indicates severe vulnerabilities in the use of computers and smart devices. In 2014, a study by cyber security company Avast found that 65% of wireless networks routers found in Brazilian households used the default ID and password for the devices. The lack of attention and know-how to properly configure safety measures opens up a severe vulnerability for malicious users to take control of crucial functions of the equipment and be able to gather sensitive information.
Another study, conducted by cyber security company Symantec in 2013, found that 61% of adult users in the country connect to unsecured and public wireless networks, while 39% of smartphone users do not delete suspicious e-mails. The same research found that six out of ten internet users had been victims of cybercrimes and that criminal practices from the previous 12 months amounted for a total loss of 18 BRL billion.
Aside from traditional means for infection, such as downloading malicious files from e-mail messages, Brazilians have been found to be subject to specific, relatively recent, vulnerabilities. One of these is malicious browser extensions, or malware plugins that affect applications such as Chrome and Firefox, the most popular internet browsers in the country. A study by cyber security company Trend Micro found that Brazil represents almost 24% of all users affected by malicious browser extensions in the world.
Recently disclosed statistics by Cert.br, or the Center of Studies, Response and Treatment of Security Incidents in Brazil, indicates that malicious activities on online environments increased 197% from 2013 to 2014, with practices such as service denial, network scanning and web page and server attacks displaying significant growth.
As an increasing number of Brazilians connect to the internet and continue taking part in vulnerable practices, well-known and new malicious scams have the potential to become bigger threats to the country’s online population.
Banking Malware and Phishing
One of the biggest threats to Brazilian internet users is banking malware, a form of cybercrime that has become widespread following the wide adoption of online banking by the country’s population. To put the size of this vulnerability in numbers, research from 2013 conducted by Febraban, or the Brazilian Banks Federation, found that 51% of financial operations that took place during that year were handled by online banking and mobile banking applications.
The peculiarities of the Brazilian payment system have also contributed to the development and spread of specific threats in the field of online banking and payments. The most notable example is Bolware, or malicious software designed to reconfigure invoice documents known as Boletos in order to have users unknowingly deposit money to criminals’ bank accounts. This type of cybercrime, according to Trend Micro, mostly affects users in the states of São Paulo, Minas Gerais and Rio de Janeiro.
Due to the vulnerabilities brought by Brazilian internet users, the country has become one of the main targets for banking cyber attacks. A report by Kapersky from 2014 revealed that 6,5% of banking and financial cybercrimes in the world took place in Brazil, and that 20% of users attacked by malware in the country were infected by financial malware.
One of the most common ways for users to become victims of banking and financial cyber crimes is by accessing websites disguised as the most popular banks in the country and submitting personal information. This type of cybercrime, known as phishing, has been found to affect 14% of internet users in Brazil, and takes an average toll of BRL 200 per user, according to a study from 2013 by Microsoft.
Mobile Device and Social Network Vulnerabilities
As mobile devices like smartphones and tablets become some of the main ways for Brazilians to access the internet and users do not take the necessary measures to browse safely, the number of cybercrimes directed to these platforms has also increased significantly over the last few years in the country.
These types of attacks have ranged from traditional crimes such as the installation of malware designed to gather personal information to new threats, such as encrypting files found in the device like pictures and documents and charging a fee to have them released, in an attack known as ransomware. According to a report by Google published in 2015, Brazilian smartphone users were found to have higher rates of infection by malicious applications, mobile device spyware and fraudulent SMS applications than global users.
Social networks, which are known to be extremely popular and frequently used in Brazil, have become a new means for cybercriminals to affect internet users as of recent years. A study by Symantec from 2012 concluded that four out of ten Brazilian social network users have become victims of cybercrimes. Some of the most popular threats include the offering of malicious software that claim to provide additional, unofficial functions to social networks and the upload of content such as pictures and videos containing harmful codes to these websites.