In the first six months of 2023, Brazil faced 328,326 distributed denial of service (DDoS) cyberattacks, accounting for 42 percent of all such incidents in Latin America, according to a report by Netscout.
For the tenth year in a row, the country was near the top of the list of global targets, behind only the U.S. Another report by Trend Micro also ranked the country as the second most vulnerable in the world to cyberattacks in the first half of 2023, especially those involving malicious files and ransomware — in which criminals block victims’ access to their own data until they pay a ransom.
Last year’s activity report from Brazil’s Data Protection Authority (ANPD) also pointed to ransomware attacks as the majority of incidents (97 out of 163) reported in the first half of 2023.
But why is Brazil a prime target for these attacks?
The answer, according to Geraldo Guazzelli, general director of Netscout in Brazil, has to do with the country’s size and increasing penetration of internet access.
Brazil is currently the world’s ninth-largest economy, and it has more smartphones than people — 249 million devices, or 1.2 smartphones per inhabitant, according to a recent study by the Center for Applied Information Technology at the think tank Fundação Getúlio Vargas.
The number of households with fixed and mobile broadband has also increased significantly since 2016, from 79.2 percent to 81.2 percent and from 83.5 percent to 86.4 percent, respectively, according to data from the country’s statistics institute, IBGE.
Brazil is also home to major multinational corporations and one of the most developed financial systems in the world. Piracy — or the Brazilian culture of trying to access paid services “for free” — is also often cited as a reason for the country’s current cybersecurity situation.
On top of all that, Brazil is known for being an early adopter of new technologies. About 70 percent of the population, or more than 142 million people, used the internet on a daily basis in 2022, with 80 percent of them accessing social media — compared to 61 percent globally — and 92 using messaging platforms, according to the latest survey by the Regional Center for Studies to the Development of the Information Society (Cetic.br).
More sophisticated cyberattacks
Throughout 2023, cloud service and cybersecurity provider Akamai found that DDoS attacks have become more frequent, longer lasting, more sophisticated (with multiple vectors or entry attempts), and larger (targeting multiple IP destinations at once). Nearly 30 percent of the attacks the firm observed last year were classified as “massive” or “horizontal” because they targeted multiple IPs simultaneously.
Akamai also saw a significant increase in DDoS attacks at so-called “level 3” (related to network infrastructure overhead) and “level 4” layers, which exploit vulnerabilities in transport protocols. “The number of these attacks has reached an all-time high, nearly 50 percent highert than in 2021,” the company said.
In most cases, criminals aim to cause damage by disrupting services, causing productivity and financial losses, and drawing public attention to something specific.
Netscout also noted the increasing sophistication of these attacks.
“The largest attack in Latin America in the first half of 2023 was one in Brazil with over 900 megabytes, which is almost a terabyte, using three different vectors, which means three types of attacks trying to get into the victim’s network or system,” Mr. Guazzelli says, adding that his company has seen an increase in the volume capacity of these attacks of 10-15 percent per year.
In order to create artificial traffic, cyberattackers purchase networks of infected devices that they can use as they please, typically to overload their targets. “They can now easily buy more capacity on the deep web.”
On the other hand, ransomware threats detected by Trend Micro indicate a shift from mass attacks to more targeted ones. After reaching a peak of more than 1 billion threats detected and blocked by the company in 2016, cyberattacks of this kind dropped to 14.17 million globally last year.
“We also noticed a decrease in spam attachments [from 77 million globally in 2018 to 16.5 million last year], but that doesn’t mean email attacks are declining, instead they’re becoming more sophisticated. Cyber attackers are shifting from traditional mass spam messages to spear-phishing, which means using more sophisticated social engineering to target specific individuals, executives in a company,” Flavio Silva, Trend Micro’s technical manager, tells The Brazilian Report.
Another important change is that internet, cloud hosting, and other infrastructure providers — who are at the forefront of the fight against cybercriminals — have realized that Brazil is no longer just a target, but also a source of attacks.
“Since the last decade, these service providers have realized that having a protection and mitigation infrastructure abroad is no longer enough to protect Brazilian companies. They had built structures locally to better serve sectors such as finance, telecoms, and utilities,” says Mr. Guazzelli.
This is also linked to the rise of data centers in Latin America. According to forecasts by Hawk, the region’s technology adoption is expected to grow faster than elsewhere next year, with demand for megawatts six times higher in the next decade in markets such as Mexico, Brazil, Chile, and Colombia.
Companies, know your processes
Beyond threat monitoring and reporting, Akamai, Netscout, and Trend Micro offer several technologies to help companies protect their digital environments from all types of cyberattacks. However, experts agree that breaches are often related to badly structured processes and poorly trained personnel.
Mr. Silva, Trend Micro’s technical manager for Brazil, says companies’ IT and security teams need to know how things are done and how their company and its departments work so that any suspicious processes can be quickly identified. “If [cybersecurity tools] have evolved for this, what companies often end up ignoring is the process side,” he warns.
And even if large companies are mainly covering these gaps, Mr. Silva explains, it is through their suppliers — mostly small and medium-sized businesses — that criminals will try the same tactics, looking for a loophole in the network. Understanding processes is therefore an activity that also involves the company’s suppliers and primary stakeholders.
Mr. Guazzelli points to the need for skilled professionals to reach a higher level of maturity within companies. “In this respect, service companies — what we call integrators in the sector, who connect the existing technologies to the needs of small and medium-sized companies, allow them to pay for it, and provide them with a customized security package — play a fundamental role.”
This is exactly the case of FastHelp, a Brazilian IT and cybersecurity company that serves large, medium, and small businesses across multiple sectors.
“The weakest link is always the human one. So for all the companies we serve, regardless of their size, one of the focuses for 2024 is to convince them to invest in training and awareness. Sometimes the company has the tools and the team, but the team does not have the necessary skills to face the current threats,” says FastHelp coordinator Wladimir Fragoso.
“That’s why one of the services we offer the most is a [security operations center], even for large corporations,” adds Alex Miquetti Almeida, FastHelp’s project and services manager and CTO.
A security operations center, or SOC, is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis.
A SOC team aims to detect, analyze, and respond to data security incidents using a combination of technology solutions and a robust set of processes. There are teams of security analysts and engineers who work together with the companies’ internal index teams, building protocols and, most importantly, responding quickly to threats.
“It’s often challenging to convince companies that this isn’t just another expense. They usually come to us after they’ve been attacked, not before,” says Mr. Almeida. Changing that mindset in an era of AI-driven threats may be critical.
Search
