Selected attacks and fake news are threat trends in Brazil 2022

New year, new life, but not necessarily for cyber threats, which should come in 2022 increasingly evolved and targeted compared to what we saw in 2021. The idea is that the focus of criminals in Brazil, both in terms of espionage and ransomware, should gain even more serious contours, while the bad guys focus on attacks that have greater potential profitable, if not destructive.

  • Fraud using online payments increases by 208% before Black Friday
  • Businesses must reach the New Year more secure, but threats must also grow

This is the perspective of Kaspersky , which paints an increasingly dangerous scenario not only in our country, but for the world. The bases are already known to specialists, managers and users — financial gain — while the methods gain an air of sophistication and segmentation aimed at maximizing profits and reaching people and corporations where they are most vulnerable.

“Brazilian cybercriminals remain focused on financial attacks and are increasingly immediate, differentiating [scams] between end users and corporations,” says Fabio Assolini, senior researcher at Kaspersky. Meanwhile, in his view, modern incident mitigation and recovery mechanisms are lacking, while any slip can be extremely damaging. “The devil lives in the details, while in Brazil, many are betting only on antivirus protection. In the current scenario, it's like protecting a house with just a small padlock”, he adds.

Follow on Instagram : follow our backstage, chat with our team, clear your doubts and know first hand the news that is to come at Canaltech.

Faced with a scenario that is, at the same time, quite varied and extremely focused, the security company raised some elements that will become trends in the digital threat landscape in 2022. The indications, too, are warning signs for the direction that the cybercrime will follow and on which doors need to be closed to prevent data, operations and systems from falling into the hands of increasingly specialized and aggressive banks.

Ransomware and legislation

Data protection legislation such as the LGPD puts pressure on Brazilian companies, which may end up giving in more quickly to bailouts (Image: Scott Graham/Unsplash)

Digital hijacking attacks are expected to remain the biggest threat to corporations in the coming year, but Kaspersky warns of increasingly targeted scams. Amidst the complete locking of files and extortions aimed not just at release, ransom requests are increasingly being localized, both in terms of values and to leverage regional regulations and legislation that can serve as pressure.

"The LGPD is a differentiator for cybercriminals, as the prospect of punishment generates a greater probability of paying a ransom", says Assolini. With fines that involve percentage of billing, for example, many companies are compelled to negotiate as quickly as possible, so as not to see the data of their customers and partners becoming public. Today, the expert points out, most targets deliver the requested amounts when they find themselves between that cross and the sword.

In this scenario, a second trend emerges, with companies that take out ransomware insurance being preferred by cybercriminals. According to Assolini, the idea is that such corporations paid higher amounts extremely quickly, to the point that many insurance companies in Europe are stopping the sale of coverage of this type, in a case of protective measure that backfired.

“The [ransomware] targets are handpicked, with values the bad guys know companies can afford. With that, the region becomes a preferential target”, completes Assolini. In his view, government moves could curb this growth in years to come, such as a US government proposal to ban dealings with criminals in key industries such as financial services and government agencies. Such measures, points out the expert, can reduce the numbers if applied in other territories, but they are still far away.

Fraud, data and all the rest

Financial fraud, Android malware and bet on the lack of security of hybrid regimes should remain threats against common users, with criminals always looking for profit (Image: poungsaed_ecoa/Envato)

As digital hijacking cases continue as a trend in the corporate world, financial fraud will also remain, in 2022, as the main threat against end users. Kaspersky points to the consolidation of banking and remote access trojans for the Android OS as trends, as well as credential theft malware that will become more and more present.

Again, we're talking about segmentation, with the bad guys focusing on the most vulnerable and open platforms, as well as preparing for bigger attacks. Cloned bank accounts and cards are small but interesting fish in a home office scenario or hybrid regimes where an attack on an end user, whether through pirated software or phishing, can lead to much greater openness in a corporate network .

Kaspersky's diagnosis points to a growing interest from international attackers in user data from Latin America, while the return of economic activities should resurrect exploitation of card machines and points of sale. Digital payments made through cell phones should be the bridge between the reopening and the period of isolation and, also, a focus of interest for the criminals.

Assolini also points to the rise of a category of malicious software known as grayware, which is on the threshold between malice or not. According to him, these are applications that can be used by network administrators, but which in the wrong hands, can also open doors for attacks against end users and corporations. “The attack surface is very large and it gets bigger and bigger. There are many entrances and, for a complete defense, it is necessary to monitor them all”, completes the specialist, painting a complex scenario.

Espionage and politics

With the 2022 elections, fake news and trolls should try to dominate political debate, but contrary to what happened abroad, foreign interest in Brazil should be related to industrial espionage and not manipulation (Image: Divulgação/Disney)

2022 is election year in Brazil and, for Kaspersky, this should translate into an increase in the use of fake accounts and fake news dissemination systems. In Assolini's view, political manipulation and attacks on opponents should be the metric here, while there is little possibility that the claim will be used as bait for malware or phishing attacks.

"The bet is on the delay of social networks to act against such practices and this applies not only to fake news, but also to other types of fraud disseminated through this medium, which always find late reactions", completes the expert. In addition to the elections, moments of social upheaval are also likely to stage the so-called troll factories, with Kaspersky talking about a widespread use of this type of solution to control speech and power.

Meanwhile, behind the scenes, international agents are increasingly interested in information from multinationals and rival governments. Brazil is in this dance and, in Assolini's view, it has a key role due to its strategic and economic position. “Global actors may wish to spy on technologies developed here and this should lead to more attacks against government agencies that often do not reach the public eye,” he adds.

New technologies

The popularization of menus and payments by QR Code can be used for the practice of scams, while fraud involving cryptocurrencies should also grow (Image: Reproduction/Extra Income)

Kaspersky's prognosis also highlights an increasing consolidation of practices that have already attracted attention in 2021. Cryptocurrency miners, for example, should follow an interesting coup path for both end users and corporations, who will have their machines and servers being used to generate profits for criminals.

At the same time, the security company points to the increase in poverty and the devaluation of national currencies as a path to an increase in the theft of portfolios and financial assets. The idea is that users, looking to secure greater earnings or secure investments for the future, end up falling into fraudulent options involving easy earnings or phishing attacks that use the names of well-known institutions in the cryptographic market.

Experts also point to the emergence of a new type of fraud, involving QR codes that are increasingly used in society. Between restaurants that offer the menu in this way and transport services that pay by cell phone, malicious websites can be deployed to steal data or money, as well as install malware on customers' cell phones.

Read the article on Canaltech .

Trending at Canaltech:

  • 10 Harry Potter actors who have died
  • See the benefits that every MEI is entitled to and few people know
  • WhatsApp finally gets a native sticker maker, but there's a catch
  • Garimpeiro was looking for gold but ended up finding an even more valuable meteorite
  • Why is our universe perfectly tuned? Here's a possible explanation

9 thoughts on “Selected attacks and fake news are threat trends in Brazil 2022

Leave a Reply

Your email address will not be published.