This summer more than 10,500 athletes will compete to win bronze, silver and, most coveted of all, gold medals. Likewise, cybercriminals will be competing to steal your crown jewels: personal data and funds.

As part of its mission to educate clients and the public at large, IBM X-Force has published a special report on the Brazilian threat landscape to raise awareness of cybercrime and recommend practices to mitigate these threats for businesses and travelers.

When I think back to the summer of 1996 in Atlanta, I consider the choice that my then-job at Georgia Power afforded me: I could either sit in and monitor an electric substation for problems during 12-hour shifts in the heat of a Southern summer or be a driver and translator for an international attendee. The choice was easy, and I ended up with wonderful memories of a global community of organizers and volunteers built around the true meritocracy of athletic achievement (in an air-conditioned BMW).

The Brazilian Threat Landscape

In the back of my mind, however, lingered the fear: What if the electric grid was compromised? While that didn’t happen in 1996, Atlanta had its share of fear with the event venue bombing. Threats to global events on the same scale as large international sporting competitions have not receded in that time; the Brazilian government and sponsors of the 2014 World Cup were subject to large-scale distributed denial-of-service (DDoS) attacks by hacktivists. What, then, can visitors and viewers expect of the Brazilian threat landscape this summer?


When it comes to cybercrime, professionals know that just as Eastern Europe produces the most sophisticated malware, the Brazilian cybercrime arena is a leader in internet fraud. Brazil has the second-highest number of online banking fraud and financial malware targets of any country in the world.

In 2014, Brazil lost more than $8 billion to internet crime, and the losses did not subside in 2015. Cybercrime is the top economic crime in the country; it ranks fourth on the economic crimes chart in the rest of the world.

Many internet users combined with low security awareness means that cybercrime has been gaining momentum in the Brazilian threat landscape, targeting oblivious individuals and low-hanging fruit in the business sector. Financial malware is prolific in Brazil, and the same types of malcodes are spread far and wide on user endpoints throughout the country. Whether Trojans, image-based phishing or fake browsers, a wide variety of attack vectors have been used by cybercriminals to take advantage of the population.

For Travelers

For the cybercriminal at work this August, there may be no reason to give up on time-tested attacks such as DDoS, phishing and other traditionally profitable methods of fraud and theft. With huge numbers of unsuspecting visitors in the country, the potential profit will prompt attackers to try every method available, both online and offline. For the individual computer or smartphone user, there is every reason to be careful of these attacks.

Traditional travel security tips hold true for enterprise users or individuals heading to Brazil. The No. 1 tip for travelers is, as always, awareness. Be cognizant of both your physical and cyber surroundings, as well as where and how you are using payment cards. Guard your personal and digital information with extra care.

For Businesses

Threats usually aren’t obvious — they can be hidden deep inside your hardware and software. Software skimmers are specialized malware packages that monitor point-of-sale (POS) endpoints’ RAM memory for plaintext card data, while hardware skimmers can fit inside normal card readers and fool not only vendors, but also customers — all while copying the magnetic stripe of the cards used in POS machines or ATMs.

Interested in emerging security threats? Read the latest IBM X-Force Research

More from Threat Research

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

Defining the Cobalt Strike Reflective Loader

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams since its debut, continues to be heavily signatured by security solutions. To continue Cobalt Strikes operational usage in the past, we on the IBM X-Force…