July 21, 2016 By Pamela Cobb 3 min read

This summer more than 10,500 athletes will compete to win bronze, silver and, most coveted of all, gold medals. Likewise, cybercriminals will be competing to steal your crown jewels: personal data and funds.

As part of its mission to educate clients and the public at large, IBM X-Force has published a special report on the Brazilian threat landscape to raise awareness of cybercrime and recommend practices to mitigate these threats for businesses and travelers.

When I think back to the summer of 1996 in Atlanta, I consider the choice that my then-job at Georgia Power afforded me: I could either sit in and monitor an electric substation for problems during 12-hour shifts in the heat of a Southern summer or be a driver and translator for an international attendee. The choice was easy, and I ended up with wonderful memories of a global community of organizers and volunteers built around the true meritocracy of athletic achievement (in an air-conditioned BMW).

The Brazilian Threat Landscape

In the back of my mind, however, lingered the fear: What if the electric grid was compromised? While that didn’t happen in 1996, Atlanta had its share of fear with the event venue bombing. Threats to global events on the same scale as large international sporting competitions have not receded in that time; the Brazilian government and sponsors of the 2014 World Cup were subject to large-scale distributed denial-of-service (DDoS) attacks by hacktivists. What, then, can visitors and viewers expect of the Brazilian threat landscape this summer?

Cybercrime

When it comes to cybercrime, professionals know that just as Eastern Europe produces the most sophisticated malware, the Brazilian cybercrime arena is a leader in internet fraud. Brazil has the second-highest number of online banking fraud and financial malware targets of any country in the world.

In 2014, Brazil lost more than $8 billion to internet crime, and the losses did not subside in 2015. Cybercrime is the top economic crime in the country; it ranks fourth on the economic crimes chart in the rest of the world.

Many internet users combined with low security awareness means that cybercrime has been gaining momentum in the Brazilian threat landscape, targeting oblivious individuals and low-hanging fruit in the business sector. Financial malware is prolific in Brazil, and the same types of malcodes are spread far and wide on user endpoints throughout the country. Whether Trojans, image-based phishing or fake browsers, a wide variety of attack vectors have been used by cybercriminals to take advantage of the population.

For Travelers

For the cybercriminal at work this August, there may be no reason to give up on time-tested attacks such as DDoS, phishing and other traditionally profitable methods of fraud and theft. With huge numbers of unsuspecting visitors in the country, the potential profit will prompt attackers to try every method available, both online and offline. For the individual computer or smartphone user, there is every reason to be careful of these attacks.

Traditional travel security tips hold true for enterprise users or individuals heading to Brazil. The No. 1 tip for travelers is, as always, awareness. Be cognizant of both your physical and cyber surroundings, as well as where and how you are using payment cards. Guard your personal and digital information with extra care.

For Businesses

Threats usually aren’t obvious — they can be hidden deep inside your hardware and software. Software skimmers are specialized malware packages that monitor point-of-sale (POS) endpoints’ RAM memory for plaintext card data, while hardware skimmers can fit inside normal card readers and fool not only vendors, but also customers — all while copying the magnetic stripe of the cards used in POS machines or ATMs.

Interested in emerging security threats? Read the latest IBM X-Force Research

More from X-Force

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today