OREANDA-NEWS. November 16, 2015. Kaspersky Lab has released the first report in a new Cyber Underground series revealing the hidden life of cybercriminals in Brazil, a country ranked among the most dangerous for digital citizens. The constant monitoring of Brazilian cybercriminals’ malicious activities provides IT security companies with a good opportunity to discover new attacks related to financial malware. The report reveals local cyberattacks and international cooperation with criminal groups in Eastern Europe, unsound government security, and theft of money and private data.

Monitoring such activity around the world allows Kaspersky Lab to foresee the emergence of a certain cyberattack and fine-tune protection methods, based on the knowledge obtained in another region. As the Brazilian Cyber Report details, the threat landscape in Brazil is region-specific. One unique attack is on boletos, banking documents specific to Brazil, used both online and offline to transfer money and pay for the goods. Boletos are part of online-offline system where one generates a payment order on a computer, but then prints it on paper and goes to the brick-and-mortar institution to proceed with the transaction. Boletos rely on barcodes, and cybercriminals have found a way to manipulate them to redirect money transfer to a different account.

Despite attacks focused within Brazil, the report reveals how Brazilian criminals reach out to their colleagues in Eastern Europe to share techniques, exchange favors and purchase services like bullet-proof web hosting. There is sufficient evidence that Brazilian criminals are cooperating with the Eastern European gangs involved with ZeuS, SpyEye and other banking Trojans created in the region.

“One could imagine the work of Kaspersky Lab’s security experts as day-after-day crunching of malicious code. And this perception is quite true, but the expertise in social and business side of the cyber underground is also important. This report shows some examples of this intelligence that helps us to fine-tune the protection for our customers and develop new security technology. In Brazil, like in almost all other countries, we know the agenda of cybercriminals; their current heists and future plans. Combining this knowledge with deep technical expertise of cyber threats, we are able to fight the cybercrime even more efficiently. At the same time, when you look at the Brazilian cyber environment, you see that even the greatest effort from a security company is not enough. The solution to a safer cyberspace is intelligence sharing and cooperation between the security industry, businesses and government, including law enforcement,” commented Fabio Assolini, senior security researcher at Kaspersky Lab’s Global Research & Analysis Team.

In 2014, Brazil was ranked as the most dangerous country for financial cyber-attacks, but due to vague legislation regarding cybercrime, Brazil has seen fewer arrests for cybercrimes with criminals spending little to no time in jail. Perceived immunity leads to cybercrime operating almost in the open, with criminals selling their goods and tools as a legitimate business, with flashy landing pages and social network promotion included.

Another notable weakness of the Brazilian cyber environment is security of government and corporate IT resources. The report provides quite shocking examples, such as a seriously flawed government online resource leaving sensitive data about almost every Brazilian citizen in the open. Cybercriminals are selling access to statewide data brokers, containing mass amounts of private data, for a mere few dollars. In addition, an attack on a state IT resource, has directly led to further elimination of the Amazon rainforest.

The report explores the business-to-business operations of the Brazilian cyber underground, when different groups cooperate and share their own part of intelligence or technology with each other. The so-called criminal-to-criminal ops are highly developed and widespread: a criminal is granted access to almost any service one can imagine, from illegal access to private data, to made-to-order development of malware.