In a newly released report, Kaspersky’s Digital Footprint Intelligence (DFI) team outlines major dark web threats facing Brazilian organizations. Drawing on sources ranging from cybercriminal forums to shadow marketplaces, the findings highlight Brazil as a prime target in the region for cybercriminals due to its economic development, abundant resources and business diversity.
Kaspersky’s findings reveal a complex web of cyberthreats targeting Brazil: the main dangers are ransomware attacks, initial access sale, infostealing malware and alleged data breaches.
Ransomware attacks. The report uncovered that at least 105 Brazilian organizations fell victim to ransomware attacks in 2024, with some targeted more than once, bringing the total number of incidents to 114. Healthcare, financial services and professional service providers were the most targeted sectors. Notably, ransomware groups such as RansomHub, Arcus Media, Lockbit 3.0, Quilong and Eraleign were behind the attacks on 53% of all organizations affected by ransomware in 2024, according to dark web sources.
Access to corporate infrastructure for sale. Threat actors, from individual cybercriminals to ransomware gangs and APT groups, regularly need access points to develop their attacks. Kaspersky’s team identified over 100 dark web listings advertising initial access to the networks, devices, hosts, services, or systems of Brazilian companies and state entities. However, some deals may take place without ever being published on dark web resources: malicious actors may cooperate privately with well-known initial access brokers, and Kaspersky experts observe such requests from time to time. The actual number of accesses for sale may therefore be higher.
Alleged database leakages. In 2024, cybercriminals published 586 ads offering databases for free or for sale, with 53% allegedly being corporate data breaches affecting 185 Brazilian organizations.[1] Governmental entities, telecoms and professional services were the most affected, based on information cybercriminals claimed in their offerings, highlighting the urgent need for a well-tuned security posture for organizations in the country.
Other databases contained information on individuals. These included unspecified databases with personal information, as well as mixed or targeted lists compiled in various ways.
Data-stealing malware activity. A staggering 37 million records of compromised user accounts associated with Brazilian services and resources were found in malware log files published by attackers in 2024. 15% of all records – 5.6 million lines published in 2024 and over 15 million across the last three years – contain accounts belonging to employees of major Brazilian state agencies or those used to access various government services for citizens and corporations.
Info stealer activity in general continues to rise, with infections skyrocketing year on year. Kaspersky Digital Footprint Intelligence provides a dedicated info-hub devoted to analyzing and countering this type of threat. Over 60% of the 2024 info stealer activity in Brazil was traced back to malware families RedLine and Lumma, which target everything from browser data and saved credentials to government service accounts.
“Cybercriminals are continuously evolving their methods, and Brazil is now firmly in their crosshairs,” said Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence. “What we’re seeing in Brazil is a perfect storm of high-value targets and increasing digital exposure, creating the ideal conditions for complex, targeted cyberattacks. It is therefore increasingly important to take a proactive and rapid approach to defending against cyberthreats, attacks and other cybersecurity incidents – in other words, to stay one step ahead of potential adversaries.”
To access the full “Dark Web Threat Landscape in Brazil” report or explore Kaspersky’s security solutions, visit dfi.kaspersky.com.
To mitigate these threats, Kaspersky recommends the following:
- Maintain a robust IT asset inventory and patch vulnerabilities regularly.
- Implement multi-layered security solutions like Kaspersky Next for detection and response.
- Invest in cybersecurity education for employees to reduce human error risks.
- Continuously monitor your digital environment for anomalies and threats.
- Use up-to-date threat intelligence (TI) to understand attacker tactics and adapt defenses.
- Monitor dark web activity for early warning signs of impending attacks or data leaks.
About the Kaspersky Security Services
Kaspersky Security Services delivers hundreds of information security projects every year for Fortune 500 organizations worldwide: incident response, managed detection, SOC consulting, red teaming, penetration testing, application security, digital risks protection. The Kaspersky Digital Footprint Intelligence experts identify suspicious activities on various dark web resources, from forums and messenger chats to cybercriminal marketplaces and ransomware blogs, so that affected organizations can be notified in a timely manner.
[1] To prevent unauthorized access to the affected companies' data during the research, the compromised information was not verified in any way.