Understanding the Brazilian hacking community [Q&A]
We tend to think of hacking communities as being concentrated in the Far East or the former Soviet bloc, but of course there are hackers elsewhere that we don't hear so much about.
Researchers at Recorded Future have been investigating hacking communities around the world, and their latest report covers Brazil.
It finds that hackers in Brazil are keen to follow the money and have shown an impressive ability to bypass internet banking security controls and ATM security. What's more, the country's high-level hackers often succeed in overcoming two-factor authentication.
One of the reasons we hear relatively little about the Brazilian hacking community is that their targets are primarily within the country. We spoke to Ronaldo Vasconcellos, senior threat intelligence analyst at Recorded Future, to discover a bit more about the report's findings.
BN: Why is Brazil particularly attractive to hackers?
RV: Low level of security awareness, high incidence of software piracy that doesn't receive security updates. Those are some of the main reasons why Brazil is so attractive to hackers. Despite the fact that credit cards are still not used by a significant part of the population -- 60 percent of the population has some type of debit card -- internet banking is popular. Successful attacks against that platform allow the attacker to pay bills and make transfers.
BN: Is it mainly language that ensures attacks are largely contained within the country?
RV: In terms of the financial vertical -- the most targeted by attackers -- language and banking system rules contain most of the attacks within the borders of the country. However, in the past years, Brazilian actors were observed targeting other South American countries with Remote Access Trojans (RATs).
BN: Does the lack of data protection regulation mean the scale of the problem is potentially much larger than we know?
RV: Possibly. Indicators of incidents were observed multiple times -- hackers disclosing breach data, phishing campaigns that include full name and ID of the target. In many of those incidents, the response from affected companies varied from absolute silence to statements denying the incident or informing that the leaked data had no relevance or was too old. The bill L13709, also known as 'Lei Geral de Proteção de Dados (LGPD)', was sanctioned by the Brazilian president in August 2018 and will be effective in August 2020. Article #48 of that bill describes incident handling requirements, including the disclosure of the incident to authorities and customers.
BN: Will we see attack patterns following the consumer onto mobile devices?
RV: Brazilian actors are already targeting mobile devices. The main attack patterns are phishing campaigns and rogue mobile applications in official stores like Google Play. One possible reason why that platform is being targeted is the less strict security controls.
You can find out more about the report on the Recorded Future blog.