Brazillian cyber gangs are becoming more adept at stealing data and demanding ransom, outpacing the efforts of law enforcement agencies struggling to keep up with the surge in cybercrimes. The country’s federal cybersecurity agency reported record monthly highs for cybersecurity incidents in January and April of this year.

Notably, major financial institutions with advanced cybersecurity measures have fallen victim to these cyber attacks. On July 1, a group operating under the name RansomHub initiated the leak of stolen information from Brazil’s Financial Co-operative System (Sicoob) after announcing a ransomware attack on their data.

In Brazil, a country with a significant online presence in various sectors such as banking, healthcare, and education, the value and vulnerability of data have increased substantially. Nearly half of the cyber attacks detected by the government in 2024 involved data leaks, highlighting the critical need for enhanced cybersecurity measures across industries.

Stealer software, a type of malware designed to extract login information and credentials, has been a significant threat in Brazil. According to cyber threat intelligence company SOCRadar, Brazil experiences more attacks involving stealer software than any other country globally. Additionally, ransomware attacks have also become prevalent, locking up organizations’ data with unbreakable encryption until a ransom is paid or the data is leaked.

Daniela Dupuy, cybercrime prosecutor and director of Argentina’s Observatory of Cybercrime and Digital Evidence for Criminal Investigations, emphasized the value of data in the current landscape, describing it as “gold” in the digital realm.

Brazil’s cybercriminal groups often collaborate, with members specializing in different aspects such as malware development, fake website creation, and money laundering. UNC5176, one prominent group identified by researchers and law enforcement, has targeted financial institutions across Latin America and Spain using malware like the URSA Trojan or Mispadu.

Another prevalent malware, Grandoreiro, has been spreading in Brazil primarily through the actions of the group FLUXROOT. Moreover, the cybercrime group PINEAPPLE has impersonated Brazil’s federal tax service, sending fake emails to victims and creating malicious software installations through cloned government websites.

Unlike the common association of cybercrime with the dark web, Brazilian groups tend to operate more openly using platforms like Telegram and WhatsApp, facilitating recruitment and communication within the cybercriminal community.

The remote nature of cybercrimes poses significant challenges for law enforcement in identifying and apprehending perpetrators, especially in cases of transnational cyber attacks. Jurisdictional issues, language barriers, and varying legal frameworks complicate cooperation between different agencies and countries.

Despite efforts by the Brazilian government to enhance cybersecurity measures, the country still lags behind many of its counterparts globally. Prevention remains a challenge, with stealer software often evading traditional antivirus scans and relying on social engineering tactics to trick victims into installing malware.

As the awareness of organized cybercrime grows, businesses in Brazil are increasingly investing in cybersecurity defenses and proactive testing to mitigate risks and vulnerabilities before falling victim to cyber attacks. Cyber threats are now considered the second-highest risk for businesses in Brazil, underscoring the urgent need for robust cybersecurity measures in the digital age.

Lidhja e burimit