In a year that started with a massive data leak, we reached December having survived the blackout of WhatsApp, Facebook and Instagram, various scams via messaging apps, the hijacking of data from city halls in Santa Catarina, São Paulo, Mato Grosso and other states, and the invasion of the systems of the Courts of Justice in Rio Grande do Sul and Amazonas – in addition to hacker attacks on private companies such as the Fleury group and JBS.
This Friday (10), it was the turn of the SUS (Unified Health System) and, as a result, the Virtual School website, a distance learning environment linked to the Ministry of Economy.
“Actually, these are the attacks that surfaced. Many others happened and didn’t appear”, says Renato Tocaxelli, government manager at Trend Micro, one of the biggest cybersecurity companies in the world.
One thing is certain: Brazil is one of the biggest targets of cyber attacks.
A survey by the digital security company Avast showed a 38% increase worldwide in ransomware attacks (in which criminals hijack servers and demand money to release the data) in 2021 compared to the previous year.
In Brazil, however, the increase was much greater: 92%. We almost doubled the number of attacks.
The “home office”, the quick and not always well-planned adoption of internet service systems, and the fact that most companies in Brazil are small or medium-sized have made these attacks much easier to carry out, according to Luis Corrons, senior associate researcher at Avast.
In the pandemic, according to him, companies, governments and even the judiciary needed to quickly migrate to online systems.
In the process, a lot was done in a hurry. “Security, in many cases, was compromised. The network used at home, for example, is not the same as the company’s – and this opens up loopholes”, he says.
For small and medium-sized businesses, the vulnerability is even greater – and more devastating. With no money to hire professional Information Technology (IT) services, many of them turn to the famous “friend who knows about computers”.
And in these cases, these small companies usually get what they want: to work on the internet. But the security settings for operating in the “cloud” are not always configured well. The door is then open to attacks that could lead the company to close its doors.
A global survey carried out a year ago by Kaspersky, with 5,200 IT and cybersecurity professionals, more than 300 of them in Latin America, showed that the damage caused by a cyberattack on a small or medium-sized company can be between US$93,000 and US$163,000.
What differentiates one value from the other? The decision to inform customers and society about the attack. The more the company tries to hide the attack, the higher the loss.
Government bodies
But what about large corporations and autarchies, such as the Ministry of Health? Why are they also victims?
“Data hijacking scams like that make a lot of money. Gangs are always updating themselves, faster than the companies”, says Corrons.
At the end of last year, the Court of Justice of Pará was invaded by the hacker group NDA (Noias do Amazonas). The group, made up of Brazilian students, left a message on the TJ website: “Guilty hacking, hacking without the intention of hacking kkkkk (sic)”. But they didn’t ask for ransom. In the field, this type of attack is called “graffiti”. After that, the TJ hired a company to reinforce its digital security systems.
In the case of the invasion carried out at dawn this Friday (12), which took data from the Connect SUS offline, experts believe that what happened was similar to what happened at the TJ do Pará and also to WhatsApp, Facebook and Instagram in early October.
For them, there would have been a DNS (“Domain Name System”) hijacking, and not “ransomware”, which in a loose translation means “rescue system”.
“In ransomware, criminals gain access to an infrastructure, either because they remotely invade servers, or because an employee executed a malicious file giving permission for an outsider to gain access to your computer,” explains Fabio Assolini, senior analyst at Kaspersky, specializing in digital security.
What happened to the Ministry of Health, however, was different. “There was no invasion of the servers. Attackers have taken over the administration and configuration of the site through DNS,” says Tocaxelli.
DNS is the system that “translates” the name of any website into numbers, which is the language of computers.
“The correct thing would be to classify this attack as sabotage. The group that did this threatens to publish this data, make it public – unless they receive a payment. It is sabotage followed by blackmail”, says Assolini.
Don’t pay anything
Regardless of the method used to carry out the data hijacking, the experts are unanimous: you should never pay the ransom demanded by criminals.
“There is no guarantee that the data will be retrieved. After all, they are delinquents”, says Corrons.
Whether you are a large corporation or a small company, the best thing to do at this time is to contact the police specializing in cybercrime.
“There’s also an initiative called the ‘No More Ransom Project,’” says Corrons. Created by the Dutch Police’s High Tech Crime Unit, Europol’s European Cybercrime Center (EC3), and companies like Kaspersky and McAfee, the project helps victims of data hijacking recover their information without having to pay criminals.
The ‘No More Ransom Project’ website, in Portuguese, has a step-by-step guide to help victims, regardless of the size of the attack.
How to avoid attacks
Paying attention to security systems is essential, whether you are a company or just someone with a cell phone. “Use dual authentication factors for everything,” says the Avast executive.
“Doubt and check everything before clicking on something,” says Tocaxelli. “This is the main lesson that companies and local authorities need to teach their employees. Always be suspicious of everything.”
Sometimes, he says, an employee clicks on a malicious file and criminals take over just that machine.
“The problem is that, by dominating only one computer, hackers can move to other machines, without alerting the security system, because their system sends the message of that first infected equipment as if it were information from inside, from the house, and that dribbles the defenses”, says the specialist.
In the case of the Ministry of Health, he believes that this was the most plausible possibility of invasion.
After the damage has already been done, specialists advise victims to analyze where the attack was carried out, to eliminate the weaknesses that served as an opening for the invader.
Reference: CNN Brasil

Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.