July 21, 2016 By Pamela Cobb 3 min read

This summer more than 10,500 athletes will compete to win bronze, silver and, most coveted of all, gold medals. Likewise, cybercriminals will be competing to steal your crown jewels: personal data and funds.

As part of its mission to educate clients and the public at large, IBM X-Force has published a special report on the Brazilian threat landscape to raise awareness of cybercrime and recommend practices to mitigate these threats for businesses and travelers.

When I think back to the summer of 1996 in Atlanta, I consider the choice that my then-job at Georgia Power afforded me: I could either sit in and monitor an electric substation for problems during 12-hour shifts in the heat of a Southern summer or be a driver and translator for an international attendee. The choice was easy, and I ended up with wonderful memories of a global community of organizers and volunteers built around the true meritocracy of athletic achievement (in an air-conditioned BMW).

The Brazilian Threat Landscape

In the back of my mind, however, lingered the fear: What if the electric grid was compromised? While that didn’t happen in 1996, Atlanta had its share of fear with the event venue bombing. Threats to global events on the same scale as large international sporting competitions have not receded in that time; the Brazilian government and sponsors of the 2014 World Cup were subject to large-scale distributed denial-of-service (DDoS) attacks by hacktivists. What, then, can visitors and viewers expect of the Brazilian threat landscape this summer?


When it comes to cybercrime, professionals know that just as Eastern Europe produces the most sophisticated malware, the Brazilian cybercrime arena is a leader in internet fraud. Brazil has the second-highest number of online banking fraud and financial malware targets of any country in the world.

In 2014, Brazil lost more than $8 billion to internet crime, and the losses did not subside in 2015. Cybercrime is the top economic crime in the country; it ranks fourth on the economic crimes chart in the rest of the world.

Many internet users combined with low security awareness means that cybercrime has been gaining momentum in the Brazilian threat landscape, targeting oblivious individuals and low-hanging fruit in the business sector. Financial malware is prolific in Brazil, and the same types of malcodes are spread far and wide on user endpoints throughout the country. Whether Trojans, image-based phishing or fake browsers, a wide variety of attack vectors have been used by cybercriminals to take advantage of the population.

For Travelers

For the cybercriminal at work this August, there may be no reason to give up on time-tested attacks such as DDoS, phishing and other traditionally profitable methods of fraud and theft. With huge numbers of unsuspecting visitors in the country, the potential profit will prompt attackers to try every method available, both online and offline. For the individual computer or smartphone user, there is every reason to be careful of these attacks.

Traditional travel security tips hold true for enterprise users or individuals heading to Brazil. The No. 1 tip for travelers is, as always, awareness. Be cognizant of both your physical and cyber surroundings, as well as where and how you are using payment cards. Guard your personal and digital information with extra care.

For Businesses

Threats usually aren’t obvious — they can be hidden deep inside your hardware and software. Software skimmers are specialized malware packages that monitor point-of-sale (POS) endpoints’ RAM memory for plaintext card data, while hardware skimmers can fit inside normal card readers and fool not only vendors, but also customers — all while copying the magnetic stripe of the cards used in POS machines or ATMs.

Interested in emerging security threats? Read the latest IBM X-Force Research

More from X-Force

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

X-Force discovers new vulnerabilities in smart treadmill

7 min read - This research was made possible thanks to contributions from Joshua Merrill. Smart gym equipment is seeing rapid growth in the fitness industry, enabling users to follow customized workouts, stream entertainment on the built-in display, and conveniently track their progress. With the multitude of features available on these internet-connected machines, a group of researchers at IBM X-Force Red considered whether user data was secure and, more importantly, whether there was any risk to the physical safety of users. One of the most…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today