
Drawing from cybercriminal forums and underground marketplaces, Kaspersky’s report identifies Brazil as a prime regional target due to its economic strength, with key threats including ransomware, infostealers, data breaches, and the sale of initial access.
A new report from Kaspersky’s Digital Footprint Intelligence (DFI) team reveals significant dark web threats targeting Brazilian organizations. Based on insights from cybercriminal forums and underground marketplaces, the report identifies Brazil as a key regional target, driven by its economic growth, rich resources, and diverse business landscape.
Kaspersky’s findings reveal a complex web of cyberthreats targeting Brazil: the main dangers are ransomware attacks, the sale of initial access, infostealing malware and alleged data breaches.
Ransomware attacks: The report uncovered that at least 105 Brazilian organizations fell victim to ransomware attacks in 2024, with some targeted more than once, bringing the total number of incidents to 114. Healthcare, financial services and professional service providers were the most targeted sectors. Notably, ransomware groups such as RansomHub, Arcus Media, LockBit 3.0, Quilong and Eraleign were behind the attacks on 53% of all organizations affected by ransomware in 2024, according to dark web sources.
Accesses to corporate infrastructure for sale: Threat actors, from individual cybercriminals to ransomware gangs and APT groups, regularly need access points to develop their attacks. Kaspersky’s team identified over 100 dark web listings advertising initial access to the networks, devices, hosts, services, or systems of Brazilian companies and state entities. However, it’s worth noting that some deals may take place without being published on dark web resources. Malicious actors may be privately cooperating with well-known initial access brokers – Kaspersky experts observe related requests from time to time, meaning the actual number of accesses for sale may be higher.
Alleged database leakages: In 2024, cybercriminals published 586 ads offering databases for free or for sale, with 53% allegedly being corporate data breaches affecting 185 Brazilian organizations. Governmental entities, telecoms and professional services were the most affected, based on information cybercriminals claimed in their offerings, highlighting the urgent need for a well-tuned security posture for organizations in the country.
Other databases contained information on individuals. These included unspecified databases with personal information, as well as mixed or targeted lists compiled in various ways.
Data-stealing malware activity: A staggering 37 million records of compromised user accounts associated with Brazilian services and resources were found in malware log files published by attackers in 2024. 15% of all records – 5.6 million lines published in 2024 and over 15 million across the last three years – contain accounts belonging to employees of major Brazilian state agencies or those used to access various government services for citizens and corporations.
Infostealer activity in general continues to rise, with infections skyrocketing year on year. Kaspersky Digital Footprint Intelligence provides a dedicated info-hub for analyzing and countering this type of threat. Over 60% of the 2024 infostealer activity in Brazil was traced back to the malware families RedLine and Lumma, which target everything from browser data and saved credentials to government service accounts.
“Cybercriminals are continuously evolving their methods, and Brazil is now firmly in their crosshairs,” said Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence. “What we’re seeing in Brazil is a perfect storm of high-value targets and increasing digital exposure, creating the ideal conditions for complex, targeted cyberattacks. It is therefore increasingly important to take a proactive and rapid approach to defending against cyberthreats, attacks and other cybersecurity incidents – in other words, to stay one step ahead of potential adversaries.”
To access the full “Dark Web Threat Landscape in Brazil” report or explore Kaspersky’s security solutions, visit dfi.kaspersky.com. To mitigate these threats, Kaspersky recommends the following:
· Maintain a robust IT asset inventory and patch vulnerabilities regularly.
· Implement multi-layered security solutions like Kaspersky Next for detection and response.
· Invest in cybersecurity education for employees to reduce human error risks.
· Continuously monitor your digital environment for anomalies and threats.
· Use up-to-date threat intelligence (TI) to understand attacker tactics and adapt defenses.
· Monitor dark web activity for early warning signs of impending attacks or data leaks.