Brazil: How cybercriminals may take advantage of a political crisis

This is a contributed piece by Luiz Eduardo Technical Director LATAM for FireEye


Due to the economic and political situation in Brazil it is common to hear that some information security projects have simply lost priority due to budget cuts. Many institutions would rather wait for improvement in the economic landscape before making any investment.

For the threat actors, the lack of budget is irrelevant. Across the globe, these actors take advantage of political instabilities to increase their destructive activities. While for businesses the first thing that comes to mind are the common consequences of a cyber-attack.

However, while this is interesting it is also rather well known. What we tend not to think of is the opposite situation: how do attackers take advantage of a political crisis to make a political statement?

For a country like Brazil with good diplomacy and without participation in wars and conflicts, there may be a false impression that it is not important to anyone else or even worse, as we have witnessed in some meetings, “these types of cyber attacks have not arrived in Brazil yet”.

But this can’t last forever. Because whereas some foreign companies and governments might question their investment and alliances with a country in crisis, others see all of these negative events as the potential for great opportunities.

So, what if the threat actors can help businesses and governments to see this potential with greater clarity?

Other than a few events in the second half of 2015 the cyber world has been eerily quiet in Brazil recently. There were some attacks related to the defacement of government or political party websites, others related to leakage of government agencies data.

Yet there has been no call to action by hacktivist groups as of this writing, no simultaneous cyber attacks along with the demonstrations in the streets. All this silence should be suspect, with a current political atmosphere that is very polarized. Yes, the world may be busy with a number of global events, but what is happening in Brazil has global relevance.

More worryingly, case studies reveal that an attacker is, on average, 146 days within the infrastructure of an organization until the attack is discovered. These days the threat actors are much better organized than before, they are persistent and still have nothing to lose.

Brazil has evolved with respect to laws specific to e-crimes, including a new anti-terrorism law that covers sabotage or gaining control of communications and critical-infrastructure. And while it is a clear development to finally see laws that consider possible technological threats, these laws should be more assertive in regards to the possible motivations of an attack. Because although all organizations are now better prepared for protection against what we call the known-attacks, the real problem is the lack of protection against unknown-attacks.

So, if the number of cyber attacks against your organization in Brazil has remained the same or increased this can actually be a good sign. However, if the number decreased considerably or simply disappeared, it is quite possible that your organization has already been compromised.


« Huawei launch reactions: Will Huawei's 'full scale assault' be enough?


Port to (Data) Port: What Linux containers can learn from shipping containers »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?