This summer more than 10,500 athletes will compete to win bronze, silver and, most coveted of all, gold medals. Likewise, cybercriminals will be competing to steal your crown jewels: personal data and funds.

As part of its mission to educate clients and the public at large, IBM X-Force has published a special report on the Brazilian threat landscape to raise awareness of cybercrime and recommend practices to mitigate these threats for businesses and travelers.

When I think back to the summer of 1996 in Atlanta, I consider the choice that my then-job at Georgia Power afforded me: I could either sit in and monitor an electric substation for problems during 12-hour shifts in the heat of a Southern summer or be a driver and translator for an international attendee. The choice was easy, and I ended up with wonderful memories of a global community of organizers and volunteers built around the true meritocracy of athletic achievement (in an air-conditioned BMW).

The Brazilian Threat Landscape

In the back of my mind, however, lingered the fear: What if the electric grid was compromised? While that didn’t happen in 1996, Atlanta had its share of fear with the event venue bombing. Threats to global events on the same scale as large international sporting competitions have not receded in that time; the Brazilian government and sponsors of the 2014 World Cup were subject to large-scale distributed denial-of-service (DDoS) attacks by hacktivists. What, then, can visitors and viewers expect of the Brazilian threat landscape this summer?


When it comes to cybercrime, professionals know that just as Eastern Europe produces the most sophisticated malware, the Brazilian cybercrime arena is a leader in internet fraud. Brazil has the second-highest number of online banking fraud and financial malware targets of any country in the world.

In 2014, Brazil lost more than $8 billion to internet crime, and the losses did not subside in 2015. Cybercrime is the top economic crime in the country; it ranks fourth on the economic crimes chart in the rest of the world.

Many internet users combined with low security awareness means that cybercrime has been gaining momentum in the Brazilian threat landscape, targeting oblivious individuals and low-hanging fruit in the business sector. Financial malware is prolific in Brazil, and the same types of malcodes are spread far and wide on user endpoints throughout the country. Whether Trojans, image-based phishing or fake browsers, a wide variety of attack vectors have been used by cybercriminals to take advantage of the population.

For Travelers

For the cybercriminal at work this August, there may be no reason to give up on time-tested attacks such as DDoS, phishing and other traditionally profitable methods of fraud and theft. With huge numbers of unsuspecting visitors in the country, the potential profit will prompt attackers to try every method available, both online and offline. For the individual computer or smartphone user, there is every reason to be careful of these attacks.

Traditional travel security tips hold true for enterprise users or individuals heading to Brazil. The No. 1 tip for travelers is, as always, awareness. Be cognizant of both your physical and cyber surroundings, as well as where and how you are using payment cards. Guard your personal and digital information with extra care.

For Businesses

Threats usually aren’t obvious — they can be hidden deep inside your hardware and software. Software skimmers are specialized malware packages that monitor point-of-sale (POS) endpoints’ RAM memory for plaintext card data, while hardware skimmers can fit inside normal card readers and fool not only vendors, but also customers — all while copying the magnetic stripe of the cards used in POS machines or ATMs.

Interested in emerging security threats? Read the latest IBM X-Force Research

more from Threat Research

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory.…