Brazil’s cybercrime underground is attracting a whole new generation of brash young aspirants happy to flaunt their wares on the Surface Web while local law enforcers are occupied with more pressing concerns, according to Trend Micro.
The security giant’s latest report, Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015, claims that cybercrime offers young adults the opportunity to gain notoriety, make money and rise to the top of their chosen field.
In this country, cybercrime is a game played mainly by individuals keen to make a name for themselves—whether they are the young developers, often computing students, or the operators who buy their malware or rent crime-as-a-service offerings.
Banking malware is the most commonly found offering on the underground markets—a reflection of the popularity of online banking in the country.
However, more recently, localized ransomware; modified Android apps configured to pay for prepaid credits with stolen credit card credentials; and PII-querying services have started to make an appearance.
Other staples include keyloggers, DNS changers, and cybercrime training services.
The latter seems to be feeding off the growing number of new recruits to the cybercrime underground, with courses in carding and crypter programming available for as little as $50, according to Trend Micro.
The security firm also found a healthy trade in credit card-related offerings, such as: access to card details via compromised online shop administrator panels; stolen card credentials; credit card number generators; PoS skimmers; modified EMV card readers; and card transaction approval services training.
The Brazilian cyber underground has replaced the real world as the venue of choice for buying fake docs like school leaving certificates, and counterfeit money.
Jon Clay, Trend Micro’s Senior Global Marketing Manager, claimed the underground is mainly domestically focused, although some activity like PoS malware has encroached into other regions.
“The Brazilians specialize in banking trojans and ransomware and widely provide training to criminals throughout the region, so the activities of these cybercriminals will likely remain mostly domestic due to the high number of victims available to them in Brazil who online bank,” he told Infosecurity.
“We may see more selling of malicious tools to other regional cybercriminals who learn of the Brazilian criminals' efforts in this area.”
Despite the fact Brazilian cybercriminals are happy to conduct many of their affairs on the indexed web—because cybercrime is not as heavily penalized as in other countries, and police have more pressing matters to deal with—Trend Micro predicts a move to the Deep Web in future.
Developers and operators using money mules and bank accounts to get at their profits are especially at risk of getting caught, so they may look to Bitcoin and darknets, the report claimed.
“We aren’t likely to see a reduction even if law enforcement improves as the cost of entry is so low and the ability to make money so high. Brazilian cybercriminals are likely to remain untouchable due to technological prowess and corruption,” argued Clay.
“This trend—increases in cyber underground activity and members—is consistent with the other regions we’ve researched as well. Also, Brazilian law enforcement is focusing its efforts on other concerns within that country right now.”
Photo © Gualberto Becerra