Rising Dark Web Threats to Brazilian Organizations
A recent report by Kaspersky’s Digital Footprint Intelligence (DFI) team highlights a concerning trend for Brazilian organizations regarding cyber threats. This analysis draws from a variety of sources, including cybercriminal forums and shadow marketplaces, revealing that Brazil stands out as a prime target for cybercriminals due to its economic growth, wealth of resources, and diverse business environment.
Key Cyber Threats Identified
Kaspersky’s report details several major cyber threats facing Brazilian businesses, primarily focusing on ransomware attacks, the sale of initial access points, infostealing malware, and supposed data breaches.
Ransomware Attacks on the Rise
In 2024, a staggering number of at least 105 Brazilian organizations were reported as victims of ransomware attacks, some facing multiple incursions, which raised the total to 114 incidents. The sectors that experienced the brunt of these attacks include healthcare, financial services, and professional services. Notable ransomware groups, such as RansomHub, Arcus Media, Lockbit 3.0, Quilong, and Eraleign, were linked to over half (53%) of the ransomware incidents targeting organizations in Brazil, according to information sourced from the dark web.
Initial Access Listings in Dark Web Marketplaces
Cybercriminals, ranging from solo actors to sophisticated ransomware gangs and Advanced Persistent Threat (APT) groups, often seek access points to launch their attacks. The Kaspersky team identified more than 100 listings on the dark web that offered initial access to the networks, systems, and devices of Brazilian companies and government agencies. It’s essential to note that transactions may not always be publicly listed, as malicious actors can also engage privately with known initial access brokers. This indicates the potential for a greater number of access points being available than those documented.
Allegations of Data Breaches
Throughout 2024, cybercriminals released 586 advertisements promoting databases for sale or free access, with approximately 53% linked to alleged corporate data breaches affecting 185 Brazilian organizations. The government sector, telecommunications, and professional services faced significant threats according to these claims, underscoring the urgent requirement for enhanced security measures in Brazilian organizations.
Some of the databases compromised contained personal information, including generalized datasets and targeted lists compiled through various means, thereby widening the attack surface for potential data leaks.
The Growing Threat of Infostealing Malware
In a startling statistic, over 37 million user account records connected to Brazilian services were discovered in malware logs published by attackers during 2024. Of these, around 5.6 million entries were linked to employees of major Brazilian governmental bodies or accounts used to access various governmental services. This trend showcases the extensive reach that data-stealing malware has, particularly in targeting sensitive governmental information.
Kaspersky noted a consistent rise in infostealer activities, with more than 60% of the activity in Brazil for 2024 traced back to malware families such as RedLine and Lumma. These malicious programs typically target a variety of data, including browser data and saved credentials, posing substantial risks to individuals and organizations alike.
Expert Insights on Evolving Threats
“Cybercriminals are continuously evolving their methods, and Brazil is now firmly in their crosshairs,” explains Vera Kholopova, a Senior Analyst at Kaspersky DFI. She emphasizes that the combination of high-value targets and increased digital exposure in Brazil creates ideal conditions for complex and targeted cyberattacks. This development highlights the critical need for organizations to adopt proactive cybersecurity measures.
Recommended Strategies for Mitigation
Kaspersky offers several recommendations for Brazilian organizations aiming to mitigate these threats:
- Maintain a robust IT asset inventory and ensure vulnerabilities are regularly addressed.
- Utilize multi-layered security solutions for effective detection and response to cyber incidents.
- Invest in employee cybersecurity education to minimize risks arising from human error.
- Continuously monitor digital environments for anomalous activities and potential threats.
- Leverage threat intelligence to understand the tactics used by attackers and to adapt defenses accordingly.
- Keep an eye on dark web activities for early warnings concerning data leaks or impending attacks.
About Kaspersky Security Services
Kaspersky conducts numerous information security projects annually for Fortune 500 companies across the globe, focusing on incident response, managed detection, and protecting digital risks. The Digital Footprint Intelligence team actively monitors various dark web resources, including forums and cybercriminal marketplaces, to alert organizations of suspicious activities.
For further details, organizations can access Kaspersky’s full report on the "Dark Web Threat Landscape in Brazil" and explore their comprehensive security solutions.
