All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers).
We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
Digital technology has transformed organizational life. Developments in communications, and in information storage and retrieval, to name just two areas, have greatly enhanced the efficiency with which legitimate organizations operate. Unfortunately, the benefits of digital technology are not lost on criminal organizations, which exploit digital technology to enhance the efficiency and effectiveness of their own operations. This paper will discuss the organized criminal exploitation of digital technology, by looking at a number of illustrative cases from Asia and around the world. It will discuss the various types of “conventional†organized crime that can be facilitated by digital technology, as well as terrorism, which itself can be regarded as a special kind of organized criminal activity. One fundamental question that the paper will seek to address is whether the activities of Asian organized crime have become substantively different as a result of technology, or whether traditional organized criminal activities in Asia are merely being conducted on a more efficient and effective basis. The paper will note the transnational nature of much organized criminal activity, and will discuss mechanisms for the control of organized crime in the digital age. Dr. S. Krishnan | Mr Harsh Pratap | Ms Sakshi Gupta "Organised Crime in the Digital Age" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd41185.pdf Paper URL: https://www.ijtsrd.comcomputer-science/computer-security/41185/organised-crime-in-the-digital-age/dr-s-krishnan
Anatomy of an Enterprise Social Cyber Attack ZeroFOX
By now, social media has clearly established itself as a dominant force in our lives: Nearly three-quarters of adults who go online use a social network of some kind. More than two of five use multiple social network sites. As a result, cyber criminals are flocking to these sites to trigger attacks, targeting users and organizations. In fact, one-third of data breaches originate via social networks, and companies suffer an average of $5.4 million per attack.
Read More: https://www.zerofox.com/blog/the-anatomy-enterprise-social-cyber-attack-infographic/
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as a managed service provider, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalize access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Also included – technical support. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge needed.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
This Imperva Hacker Intel report details the never-before-seen details on an attack by hacktivist group 'Anonymous' against a high-profile unnamed target during a 25 day period in 2011. The report offers a comprehensive analysis of the attack, including a detailed timeline of activities from start to finish, an examination of the hacking methods utilized, as well as insights on the use of social media to recruit participants and coordinate the attack.
Every year Group IB releases reports on the development of high tech and cyber-crime, describing new tendencies and interesting emerging trends from recent months and forecasting future threats. This report covers the second half of 2014 and the first half of 2015.
In last year’s report we primarily forecast the increase in targeted attacks on banks. This has been mostly accurate and accordingly, in the second half of last year, the Anunak hacking group, also known as Carbanak, carried out a series of thefts for hundreds of millions of Rubles from the banking sector. However, after the publication of the co-authored Group IB and Fox-IT report, which outlined the group’s methodology, they ceased their activity.
Despite this, as predicted, new hacking groups have appeared conducting similar attacks, for example, the much discussed targeted attack on a Kazan based bank, which resulted in volatility on the currency exchange market of over 10 Rubles to the US Dollar for a short period.
Our predictions of increased attacks on ATMs were also correct. Group IB has discovered new Trojans and insider fraud, and also new equipment, including Blackbox, a tool which hackers developed and installed on cash machines, allowing them to receive remote access to systems.
Following research and analysis of the threats to mobile devices, Group IB predicted an increase in the amount of mobile Trojans that allow hackers to automatically transfer money from bank accounts, sidestepping the most advanced bank security systems. This prediction was correct in assessing the speed of development in this area of fraud and accordingly we have allocated a specific section of this year’s report to this growing issue.
Another major forecast was a decrease in the amount of thefts from individuals, using Trojans which reroute users to phishing sites. Thanks to the arrest of participants in one of the most aggressive hacking groups using this scheme, the amount of thefts was not just lowered but completely stopped. More details are provided in the Group IB completed investigations and arrested criminals section of this report.
We also predicted an increase in the attacks on Russian internet and digital resources by hacktivists and again were correct. Hackers affiliated with ISIS carried out over 600 attacks which Group IB analysed and assessed in a separate report on their international activity.
Check Point Research outlines a new hacktivism model currently being observed across the world. Five traits define the current form of hacktivism according to researchers the following: ideology of politics and leadership structure formal recruitment, sophisticated tools, and public relations. CPR provides the hacktivist group Killnet to illustrate the current model, describing the attacks it has carried out by country as well as an the timeline of attacks. CPR is concerned that hacktivism which originates from conflict-related regions could spread across the globe.
• Prior to that, hacktivists were mostly focused on a handful of individuals who carried smaller-scale DDoS as well as defacement and DDoS attacks
• Today, hacktivism is more structured, well-organized and sophisticated.
• CPR believes that the new form of hacktivism started in conflict areas of Europe's Middle East and Eastern Europe and spread to other areas by 2022.
Check Point Research (CPR) provides a new definition of hacktivism, which is currently trending globally. Hacktivism under this new style is more organised, well-organized and advanced, in comparison to previous. Hacktivist groups do not consist of just a few individuals who perform small DDoS or defacement attacks on websites with low levels of security. They are organized groups with distinct features previously unknown.
One of the key methods cybercriminals are using is ransomware, most famously the Cryptolocker malware,
and its numerous variants, which encrypts the files on a user’s computer and demands the user to pay a ransom, usually in Bitcoins, in order to receive the key to decrypt the files. But Cryptolocker is just one approach that criminals are taking to demand ransom, and the techniques are evolving on a daily basis. To guard against ransomware, it is not enough to know the malware that is making the rounds that day. It is vital to have a broader understanding of the topic, so one can take effective countermeasures against this evolving threat.
All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers).
We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
Digital technology has transformed organizational life. Developments in communications, and in information storage and retrieval, to name just two areas, have greatly enhanced the efficiency with which legitimate organizations operate. Unfortunately, the benefits of digital technology are not lost on criminal organizations, which exploit digital technology to enhance the efficiency and effectiveness of their own operations. This paper will discuss the organized criminal exploitation of digital technology, by looking at a number of illustrative cases from Asia and around the world. It will discuss the various types of “conventional†organized crime that can be facilitated by digital technology, as well as terrorism, which itself can be regarded as a special kind of organized criminal activity. One fundamental question that the paper will seek to address is whether the activities of Asian organized crime have become substantively different as a result of technology, or whether traditional organized criminal activities in Asia are merely being conducted on a more efficient and effective basis. The paper will note the transnational nature of much organized criminal activity, and will discuss mechanisms for the control of organized crime in the digital age. Dr. S. Krishnan | Mr Harsh Pratap | Ms Sakshi Gupta "Organised Crime in the Digital Age" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd41185.pdf Paper URL: https://www.ijtsrd.comcomputer-science/computer-security/41185/organised-crime-in-the-digital-age/dr-s-krishnan
Anatomy of an Enterprise Social Cyber Attack ZeroFOX
By now, social media has clearly established itself as a dominant force in our lives: Nearly three-quarters of adults who go online use a social network of some kind. More than two of five use multiple social network sites. As a result, cyber criminals are flocking to these sites to trigger attacks, targeting users and organizations. In fact, one-third of data breaches originate via social networks, and companies suffer an average of $5.4 million per attack.
Read More: https://www.zerofox.com/blog/the-anatomy-enterprise-social-cyber-attack-infographic/
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as a managed service provider, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalize access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Also included – technical support. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge needed.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
This Imperva Hacker Intel report details the never-before-seen details on an attack by hacktivist group 'Anonymous' against a high-profile unnamed target during a 25 day period in 2011. The report offers a comprehensive analysis of the attack, including a detailed timeline of activities from start to finish, an examination of the hacking methods utilized, as well as insights on the use of social media to recruit participants and coordinate the attack.
Every year Group IB releases reports on the development of high tech and cyber-crime, describing new tendencies and interesting emerging trends from recent months and forecasting future threats. This report covers the second half of 2014 and the first half of 2015.
In last year’s report we primarily forecast the increase in targeted attacks on banks. This has been mostly accurate and accordingly, in the second half of last year, the Anunak hacking group, also known as Carbanak, carried out a series of thefts for hundreds of millions of Rubles from the banking sector. However, after the publication of the co-authored Group IB and Fox-IT report, which outlined the group’s methodology, they ceased their activity.
Despite this, as predicted, new hacking groups have appeared conducting similar attacks, for example, the much discussed targeted attack on a Kazan based bank, which resulted in volatility on the currency exchange market of over 10 Rubles to the US Dollar for a short period.
Our predictions of increased attacks on ATMs were also correct. Group IB has discovered new Trojans and insider fraud, and also new equipment, including Blackbox, a tool which hackers developed and installed on cash machines, allowing them to receive remote access to systems.
Following research and analysis of the threats to mobile devices, Group IB predicted an increase in the amount of mobile Trojans that allow hackers to automatically transfer money from bank accounts, sidestepping the most advanced bank security systems. This prediction was correct in assessing the speed of development in this area of fraud and accordingly we have allocated a specific section of this year’s report to this growing issue.
Another major forecast was a decrease in the amount of thefts from individuals, using Trojans which reroute users to phishing sites. Thanks to the arrest of participants in one of the most aggressive hacking groups using this scheme, the amount of thefts was not just lowered but completely stopped. More details are provided in the Group IB completed investigations and arrested criminals section of this report.
We also predicted an increase in the attacks on Russian internet and digital resources by hacktivists and again were correct. Hackers affiliated with ISIS carried out over 600 attacks which Group IB analysed and assessed in a separate report on their international activity.
Check Point Research outlines a new hacktivism model currently being observed across the world. Five traits define the current form of hacktivism according to researchers the following: ideology of politics and leadership structure formal recruitment, sophisticated tools, and public relations. CPR provides the hacktivist group Killnet to illustrate the current model, describing the attacks it has carried out by country as well as an the timeline of attacks. CPR is concerned that hacktivism which originates from conflict-related regions could spread across the globe.
• Prior to that, hacktivists were mostly focused on a handful of individuals who carried smaller-scale DDoS as well as defacement and DDoS attacks
• Today, hacktivism is more structured, well-organized and sophisticated.
• CPR believes that the new form of hacktivism started in conflict areas of Europe's Middle East and Eastern Europe and spread to other areas by 2022.
Check Point Research (CPR) provides a new definition of hacktivism, which is currently trending globally. Hacktivism under this new style is more organised, well-organized and advanced, in comparison to previous. Hacktivist groups do not consist of just a few individuals who perform small DDoS or defacement attacks on websites with low levels of security. They are organized groups with distinct features previously unknown.
One of the key methods cybercriminals are using is ransomware, most famously the Cryptolocker malware,
and its numerous variants, which encrypts the files on a user’s computer and demands the user to pay a ransom, usually in Bitcoins, in order to receive the key to decrypt the files. But Cryptolocker is just one approach that criminals are taking to demand ransom, and the techniques are evolving on a daily basis. To guard against ransomware, it is not enough to know the malware that is making the rounds that day. It is vital to have a broader understanding of the topic, so one can take effective countermeasures against this evolving threat.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Leading Change strategies and insights for effective change management pdf 1.pdf
Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking Communities
1. CYBER THREAT ANALYSIS
Pirates of Brazil: Integrating
the Strengths of Russian and
Chinese Hacking Communities
By Insikt Group
CTA-2019-0416
2. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 1
CYBER THREAT ANALYSIS
Recorded Future’s Insikt Group analyzed advertisements, posts, and interactions within
hacking and criminal forums to explore the capabilities, culture, and organization of
Brazilian hacking communities. Sources include the Recorded Future®
Platform as well
as open web, dark web, and underground forum research.
This report, which is part of a series that started with Russia and China, Japan, and
Iran, will be of greatest interest to organizations seeking to understand the criminal
underground to better monitor financial vertical and company-specific threats, as well
as to those investigating the Brazilian criminal underground.
Executive Summary
Each country’s hackers are unique, with their own codes of conduct,
forums, motives, and payment methods. Recorded Future’s
Portuguese-speaking analysts, with a long-standing background in
the Brazilian underground, have analyzed underground markets
and forums tailored to the Brazilian Portuguese audience over the
past decade and discovered a number of particularities in content
hosted on forums, as well as differences in forum organization and
conduct.
The primary target of Brazilian hackers is Brazilians. Hackers in
Brazil range from the entry-level hackers and security researchers
who disclose vulnerabilities in private conferences to black hat
hackers who sell illicit products and services. Brazilian hackers are
always in search of the next opportunity for easy money. When
companies react to their activity by increasing security controls, they
move to another business. The abilities of high-level hackers are
illustrated through Brazilian law enforcement efforts like Operation
Ostentation and the ATM malware by Prilex gang.
Brazilian forums are not necessarily based on web forums. The
Chinese underground is more similar to Brazil’s than Russia’s in
that way, but Chinese cybercriminals rely on local apps such as QQ
and Wechat. The Brazilian forum platform of choice is dynamic,
changing based on broader social trends and law enforcement
efforts. At this time, the forums of choice are WhatsApp and
Telegram. Access to Brazilian forums is not as strict as in the
Russian-speaking underground. However, because the Brazilian
underground is scattered among Telegram and WhatsApp groups,
the collection sources are varied. Information in Brazilian forums
is not as well organized as in Russian-speaking forums, where
threads for products or services are fixed, with well-structured
posts including features and pricing.
3. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 2
CYBER THREAT ANALYSIS
Key Judgments
• Carding is strong in the country. There is a strong activity
of credit cards generated by algorithms — “geradas” in the
local slang. This is not observed by Insikt Group in the other
geographies covered by this series, at least not explicitly.
• Spam, through email, SMS, social media, and messengers,
is still one of the primary methods of malware and phishing
distribution. Local actors are taking advantage of less strict
security mechanisms in SMS to distribute URLs or malware
samples.
• Mass pharming attacks involving vulnerable customer-
premises equipment (CPE), observed for the first time in 2014,
are still an important method of credentials collection. Typical
targets are financial institutions, streaming services, and web
hosting companies.
• Brazilian cybercriminals are not intimidated by two-factor
authentication (2FA). While the majority of entry-level hackers
move to another activity, high-level hackers insist — and
succeed — in bypassing this security control. Techniques
observed by Insikt Group include SIM-swap attacks, full
compromise of desktops used for internet banking, and
hackers’ direct interaction and interference with banking
sessions.
5. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 4
CYBER THREAT ANALYSIS
Brazilian Communities: Pirate Spirit
Similar to Russian-speaking cybercriminals, Brazilian cybercriminals
hold one thing above all else: money. Hacker communities in
Brazil differ in their neighborhoods, motivations, goals, and
communication platform of choice.
Whereas we used “thieves” and “geeks” to define Russian and
Chinese undergrounds, respectively, we describe Brazilian hackers
as “pirates” because they are not just specialized thieves like the
Russian-speaking actors, but are ready to change their TTPs and
forum platforms at any time, depending on where the easy money
is and what law enforcement and security researchers are doing to
collect information on them. At the same time, a very select group
of Brazilian cybercriminals resemble their Chinese counterparts, in
that they can bypass strict internet banking security controls and
ATM security in an impressive way.
Telegram, a very relevant source to Brazil that was recently added to Recorded Future.
6. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 5
CYBER THREAT ANALYSIS
History of the Brazilian Underground
Commercial internet was introduced in Brazil between 1995 and
1996. In the late ‘90s, Internet Relay Chat (IRC) networks and ICQ
messenger — as well as bulletin board systems (BBS), web-based
forums, and chats — became the main chat platforms in Brazil.
IRC channels were the forums of choice for professional hackers
in the 2000s and early 2010s. Activity included advertisements of
products and services, bulk credit card information, and discussions
— none of it organized by topic. For example, IRC servers operated
by the groups Silver Lords and FullNetwork — better described as
an IRC network than as a group — ruled the underground for years.
“mIRC” — the name of a very popular IRC client that became
synonymous with the Brazilian term for IRC client — became
very popular among all types of users. Brasirc and Brasnet were
the most popular IRC networks, and from its channels emerged
some of the first-known threat activity in Brazil: intentional IRC
flooding attacks (a kind of denial-of-service attack) against the IRC
server host, takeovers of usernames, and coordinated attacks.
IRC protocol was a favorable environment for hacking discussions,
with features including controlled access to channels and
servers, the ability to grant specific privileges to each user, and
bots. At first, hackers met in public IRC networks like Brasirc
and Brasnet, but over time they began hosting their own IRC
servers. It was harder to find those servers, which gave users
and administrators a certain degree of privacy. Just like in special
access web forums found in Russian-speaking countries, there
was access control. A registered “nick” (nickname) was required
to join channels in certain servers and the bot (service) that
managed the nicks (NickServ) was not available at all times.
A common area of interest among Brazilian hackers across many
groups, skill levels, and motives is penetration testing. This is one
of the main topics of most local hacker conferences and entry-level
web forums, where tools and tutorials are shared.
7. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 6
CYBER THREAT ANALYSIS
In Brazil, website defacement was always one of the main types of
hacking activities. Brazilians always were — and still are — one of the
top reporters of website defacements to the popular defacement
archive zone-h[.]org.
Historically, most Brazilians involved with website defacement were
teenagers learning how to exploit software vulnerabilities and badly
configured internet-facing systems. Defacement was considered
a learning experience in the absence of security frameworks —
from reconnaissance to penetration testing and vulnerability
exploitation.
From 2005 to the present day, there is still a significant website
defacement community in the Brazilian underground, and the motive
has evolved from warning administrators to hacktivism. In Brazil, the
theme of defacements also corresponds to the current headlines
in newspapers: natural disasters, political scandals, and so on.
ProtoWave Reloaded group’s verified submissions to Zone-H, a notorious web defacement archive. To date, this Brazilian group has defaced
more than 1,250 webpages.
8. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 7
CYBER THREAT ANALYSIS
Some of the most notorious hacker groups of the early 2000s
emerged during the IRC era:
• Website Defacement: Prime Suspectz1
, Silver Lords, Insanity
Zine, HFury, DataCha0s, Crime Boys
• Hacking: Unsekurity Scene, or just “unsek,” and its “spin off”
groups Clube dos Mercenários (CDM), Front The Scene (FTS)
In the context of hacking, the activity was mainly security research
on reconnaissance, penetration testing, and known vulnerability
exploitation. Given the limitations of that time — no vast penetration
testing literature, frameworks like Metasploit, or tools like Kali
Linux — it is possible that some of those researchers began as
web defacement actors.
In a series of articles published in 2001, investigative journalist
Giordani Rodrigues interviewed the main web defacement groups
of that time. In most of them, actors were between 15 and 22 years
old. Most likely, that age range has not changed significantly. Actors
in that age range tend to act irresponsibly — maturity and ethics are
what separate a web defacer who becomes a security professional
from one who moves to other outcomes of an intrusion, like data
exfiltration or lateral movement.
In 2010, when Anonymous activity began worldwide, the same
activity was observed in Brazil. It began as a support to Wikileaks
in the second half of 2010, and continues in various forms to the
present day. The highest level of Anonymous activity occurred
between 2011 and 2015, when most global operations had support
from local groups. Targets were mostly political, and distributed
denial of service (DDoS) was the primary type of attack. In 2011,
Brazilian Federal Police probed the activity of Anonymous in Brazil,
as multiple government websites were targets.
Since 2016, groups that claim to support Anonymous’s cause
have targets that vary with the headlines of local news and public
opinion. Corrupt politicians, companies involved in corruption
scandals, candidates in elections, the 2016 Summer Olympics in
Rio de Janeiro, the 2014 FIFA World Cup in Brazil — any target or
topic is eligible for a local Anonymous campaign. After DDoS attacks
became ineffective, the most typical attack became — and still is —
1
Defacements authored by Prime Suspectz archived in Zone-H.
9. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 8
CYBER THREAT ANALYSIS
leak of breach data. In the past year, Anonymous activity primarily
focused on political targets. In the last incident, AnonOpsBR, one
of the only groups with recent and recurrent activity, has attacked
the Brazilian Ministry of Defense and now president Jair Bolsonaro,
as well as the vice president.
Organization of the Brazilian Underground
In Brazil, any platform used for interaction could be considered
a hacker forum. As we stated before, the typical organization of
Russian-speaking criminal underground communities does not
apply to what we observe in Brazil, as each forum does not have a
singular purpose, nor are they well organized, lacking fixed threads
for products or services or well structured posts with features and
pricing. This makes a big difference in terms of understanding the
local underground.
Unlike in Russian-speaking countries, Jabber/XMPP was never a
popular chat platform for Brazilian hacker forums. We can state
with a high level of confidence that communities of interest jumped
from IRC to the modern mobile chat platforms, such as Telegram,
WhatsApp, TeamSpeak (gaming), and Discord (gaming), beginning
in 2015. Privacy-oriented messengers like Wickr and Signal are
more frequently seen in Tor dark web forums and markets.
Orkut, by Google, was the first popular social network in Brazil.
From 2004 to 2010, it was the center of the internet — along with the
hacking scene — for Brazilians. Private Orkut groups were created
for selling hacking products and services. The organization of
advertisements was very similar to what we see in Russian-speaking
web forums. Around 2010, users started to migrate to Facebook,
including the hackers. In 2014, Orkut was discontinued by Google.
The use of social networks for cybercrime shows how unprofessional
certain groups of Brazilian hackers are. Any actor from Russian-
speaking or Chinese-speaking forums would know that social
networks are a risky place to conduct illicit business. The companies
who own those networks are generally obliged to cooperate with
local authorities, making it easier for law enforcement to investigate
and detain hackers.
10. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 9
CYBER THREAT ANALYSIS
In Brazil, cybercrime actors started to use Facebook for advertisement
as soon as the social network became popular in the country in 2011.
Groups were closed, but there was no strict review or vetting process
— it was just a matter of requesting access and having it granted.
In 2011, Kaspersky Lab found a website created for hackers to check
if another hacker they were doing business with was reliable or a
“ripper” (scammer). The service was dubbed “SPC dos Hackers,”
which essentially means “Hacker’s Credit Report,” and it was a
database of usernames, the contact information associated with
each of those usernames, and assessments of those users —
positive or negative.
On average, Brazilian cybercriminals from entry to medium level
do not demonstrate concerns about operational security (OPSEC)
and law enforcement. It is common in the country to see criminals
detained for cybercrime only to be released days or weeks later.
Current Landscape
Brazilian web forums do not have a significant role in the Brazilian
underground. They never did, and most likely never will. In 2010,
the most prominent hacker web forums were essentially the
same as the most active ones in 2019: Fórum Hacker and Guia do
Hacker. Some forums emerged and were voluntarily taken down
in the meantime, like Perfect Hackers, which was taken down in
2018. However, those prominent forums remain the main hacker
communities, open to the public. There is no vetting process or
payment required to register — anyone can join these forums.
Brazilian web forums are an environment for learning how to
become a hacker and the sharing of information and tools. In Brazil,
forums have been home to entry-level hackers (script kiddies)
since at least 2010. They stay in the forums while it is useful for
them to learn hacking methodologies. Camaraderie is praised
and encouraged. There are products and services for sale. Mobile
forums — specifically, Telegram channels — became the preferred
environment to advertise products and services.
More recently, when groups moved to Telegram, it was observed
that most of the channels have minimal access control — a defined
11. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 10
CYBER THREAT ANALYSIS
username is the necessary and sufficient condition to gain access
to some channels. Brazilian public Telegram channels are available
in the platform.
In the screenshot above, the administrator of a Telegram group
advertises “telas fake” — a local slang for phishing kits. In this
particular case, there are three different types of product: capturing
the bank account credentials for 250 BRL (66 USD), capturing basic
credit card information for 200 BRL (53 USD) and capturing full
credit card information (including name and address) for 150 BRL
(40 USD). Cell phone icons indicate the kit is compatible with mobile
phones.
Telegram channel with advertisements for phishing kits
12. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 11
CYBER THREAT ANALYSIS
Web forums like Forum Hacker and Guia do Hacker are considered
by many Brazilians a good way to get immersed in network and
information security. The majority of entry-level hackers are not
able to enter the white hat and black hat communities in Brazil.
This is best shown by the insular, invite-only nature of Brazilian
hacker conferences.
Sacicon is another one-day, invite-only conference that has taken
place in São Paulo since 2012. This conference is similar to YSTS,
with a focus on highly technical talks and partying. This conference
is promoted by the same organizers of the Hackers to Hackers
Conference (H2HC), the first (starting in 2004) and most notorious
hacker conference in Brazil. The organizers of Roadsec, a conference
targeted at the entry-level security professional or student more
than any other audience, also support Sacicon.
You Shot The Sheriff (YSTS), a yearly one-day invite-only hacker
conference that has taken place in São Paulo since 2007, is similar to
DEF CON in terms of content and parallel activities, like lockpicking
and hardware hacking. The conference venue is always a bar.
Tickets for this conference are rarely sold, but when it happens,
the prices are not affordable to most local entry-level professionals
or students. This is considered one of the best hacker conferences
in Brazil from a security research perspective.
AlligatorCon, which takes place in Recife, PE, Brazil, is an invite-only
black hat conference. This conference is similar to Sacicon in its goal
to present content with a high technical level, but it goes beyond —
topics include vulnerability exploitation, new hacking tools, and zero-
day vulnerability disclosures. Unlike Sacicon, this conference focuses
exclusively on local research, presented in Brazilian Portuguese.
We have mentioned multiple times where Brazilian hackers are not:
in web forums. But where are they? The same places the rest of the
Brazilians are. The communication platforms of choice are usually
the very same ones used by the local population in general. In
the current context, this means WhatsApp, Telegram, and Discord.
The last of those is also commonly used by gamers, a result of the
dominant teenage demographic in the Brazilian hacking community.
13. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 12
CYBER THREAT ANALYSIS
Content in Brazilian Underground Forums
Malware
The most common type of software product found in Brazilian web
forums is the “crypter,” an obfuscation tool used to pack malicious
software in such a way that it goes undetected by antivirus engines.
The more “FUD,” or “fully undetectable,” a malware is, the more
likely that malware is to reach the user’s email inbox undetected.
This high interest in malware packers is an indicator of one of
the main attack vectors of Brazilian cybercriminals: email. Email
spam has always been one of the main methods of phishing and
malware distribution in Brazil. However, over the years, multiple
security controls have increasingly prevented campaigns from
reaching victims’ inboxes. Concurrently, new generations changed
their relationship with email messaging, and multiple other social
media sites and messenger apps emerged and became the primary
communication platforms. Cybercriminals had to adapt to those
behavioral changes in order to succeed.
The latest quarterly report from the Anti-Phishing Working Group
(APWG) shows that phishing campaigns now use paid advertisements
in search engines like Google and Bing, social media, rogue mobile
apps in official stores, and Smishing (SMS Phishing) to target victims.
Many of these attack vectors have ineffective methods for handling
spam — SMS in particular — allowing cybercriminals to reach
more victims. Even after the malicious link reaches the inbox of a
victim, there is still one last phase needed in a successful phishing
campaign: the victim must take the bait and click the link. There is
a way to not only entice users to click on a phishing link, but also
force them to do it technically. That method is known as “pharming.”
Pharming involves the use of malware or technical strategy to
subvert the DNS name resolution and force all users of a host or
network to visit a known website address at the wrong host (IP
address), under the control of the attacker. Pharming is a very
common activity of Brazilian hackers. Despite efforts from security
companies and internet service providers, occasional attacks are
not always detected.
14. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 13
CYBER THREAT ANALYSIS
One of the first forms of pharming was local: the attacker would
leverage malware to modify the local host address resolution files
(“LMHOSTS” for Windows, and “hosts” for Linux). The operating
system first checks those files for hostname and IP address pairs.
If a bank’s hostname is listed in that file, that resolution has the
highest priority. The user visits a website with the correct URL at the
wrong server. Local pharming has one weakness: antivirus. Malware
can be detected by signature or heuristics, and any application
trying to modify the local name resolution file is considered
suspicious. Local pharming is convincing because the URL looks
legitimate to the victim, but with today’s anti-malware controls,
an attacker successfully changing the file with malware is unlikely.
DNS or network pharming, on the other hand, does not require the
complexity of malware.
Network pharming is an attack vector used by Brazilian cybercriminals
since as far back as 2014. At first, the strategy was to abuse
customer-premises equipment (CPE) — network routers provided
by ISPs. Most users receive the same models or routers from the
ISP, making the network environment very predictable. The attack
involved sending spam with local network URLs that changed the
DNS settings of the local router. Succeeding with this attack method
required one favorable condition: a default administrator username
and password.
Over time, other strategies were used for exploiting CPEs —
exploitation of remote software vulnerabilities, for instance.
One of those campaigns, described by Radware in March 2018,
involved the exploitation of vulnerabilities in MicroTik routers. In
September 2018, 360 Netlab reported two incidents (September 4
and September 29) involving more than 85,000 routers in Brazil.
Affected companies involved all major local banks, web hosting
companies, and Netflix — a common credential for sale in Telegram
channels. Spotify was not among the targeted domain names in
those attacks but is a typical target as well. Neither service offers
two-factor authentication, which makes credential collection and
reuse trivial in this context.
15. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 14
CYBER THREAT ANALYSIS
Financial Services Targeting Drives High Security Standards
The Brazilian financial system is very advanced in terms of security
controls. This is a result of decades of cybercrime, real-world crime,
and — no less important — a response to Brazilians’ consistent
malicious activity. Brazil is a hostile environment for the financial
vertical in every aspect, and as a result, security standards are high.
Hacker activity and developments in the security of the financial
system are strongly related, causing the financial institutions to
constantly increase the security.
2FA for logins, 2FA for transactions via QR codes, physical tokens,
browser plugins that resemble “rootkits,” pre-registration of devices,
device fingerprinting, strict limits for wire transfers, pre-registration
of wire transfer destination accounts, a dedicated desktop browser
for internet banking, and biometry in ATMs are among the vast and
ever-growing list of security controls.
Transferring money between Brazilian bank accounts and foreign
banks — even within Latin America or MERCOSUR trade bloc —
is not trivial. The processing of international payment orders is
treated as a currency exchange transaction. As such, additional
controls against money laundering and tax evasion are applied,
making moving money across country borders harder.
Another important security control relates to credit cards. In most
countries, it is necessary to provide basic personal information
in card-not-present (CNP) transactions: full name, full address. In
Brazil, it is necessary to provide Cadastro de Pessoas Físicas (CPF) —
a unique tax ID for every Brazilian citizen in every transaction — and
that ID must match the one associated with the credit card. That
ID is very similar to a Social Security number (SSN) in the United
States. It is considered critical if that information becomes public.
As illustrated above, it’s difficult to move money across country
borders and security controls are strict. So how can a cybercriminal
thrive in such an environment?
Chip-and-PIN technology was deployed in Brazil in the early 2000s.
Just like with any new technology, chip-and-PIN was abused in
Brazil, and eventually, cybercriminals succeeded in attacking not
the EMV system itself, but poorly implemented deployments.
16. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 15
CYBER THREAT ANALYSIS
In March 2018, Kaspersky Lab Brazil released research on malware
targeting POS systems with chip-and-PIN (EMV): Prilex. The
exploitation of EMV was not something new: other attacks against
vulnerable deployments of chip-and-PIN authentication had been
seen in the wild over the past few years. The group behind Prilex,
which has been active since at least 2015, used many variations of
a black box attack, including one involving a Raspberry Pi with 4G
data network access capable of exfiltrating data. They also focused
on taking control of machine infrastructure. Finally, they added
point-of-sale (POS) systems to their attack surface and started
targeting chip-and-PIN cards.
Prilex allegedly operates off the limits of web-based forums and
social media. According to Kaspersky researchers, they operate
their own private WhatsApp groups, which are strictly controlled.
For that reason, there is no forum activity from Prilex actors in the
platform.
Language and Fraud Drive Targets
The primary target of Brazilian hackers is Brazilians. The Portuguese
language is key for explaining that observation, but there are other
elements that explain this geographical isolation.
There are other Portuguese-speaking countries — Angola, Cape
Verde, Guinea-Bissau, Mozambique, Portugal, and São Tomé and
Príncipe — but there is minimal interaction between these countries
and Brazil. The country has its own variation of Portuguese — Brazilian
Portuguese — with phonetics and vocabulary that are different from
the Portuguese spoken in other countries. That unique Portuguese
variation, combined with cultural and economical differences,
also isolate Brazil from other countries in South America, as it is
surrounded by Spanish-speaking countries.
Most of the products and services in the Brazilian underground are
related to personal information: access to credit record databases, full
information on a certain individuals provided with a CPF (tax ID) and
credentials. Those credentials are obtained in many ways: malware,
phishing for financial credentials, phishing for credit checks, Serasa
Experian credentials, and insider employees at companies of interest.
Carding, and the products and services surrounding it, like selling
credentials, is one of the main activities of closed hacker groups.
17. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 16
CYBER THREAT ANALYSIS
In the past, information was shared in IRC channels, but now it is
present in Telegram and other modern platforms. Carding activity
is usually not present in major hacker web forums.
Carding is strong in the country’s underground. Not all credit cards
found in the Brazilian underground were necessarily collected.
There is strong activity of credit cards generated by algorithms,
referred to as “geradas.” They look for companies that don’t validate
cards appropriately, which they call “cardeáveis,” or “susceptible to
carding,” and exploit them.
In November 2016, Tesco Bank announced a security incident
involving 20,000 accounts and a loss of 2.26 million GBP (2.95
million USD). The company issued a new statement a few days later,
stating that normal service has resumed. No further information
was disclosed in that new statement. In October 2018, the Financial
Conduct Authority (FCA) released a “Final Notice” on the incident
that occurred in 2016. According to the 27-page document, the
attackers most likely used an algorithm that generated authentic
Tesco Bank debit card numbers. It was determined that the majority
of fraudulent transactions were coming from Brazil using a payment
method known as “PoS 91,” an industry code which indicated that
the attackers were making contactless MSD transactions. Most likely,
this is the most notorious example of the impact of Brazilian hacker
activity involving generated card numbers.
Currently, there is no personal data protection regulations in place in
Brazil. There are plans to implement one — similar to the European
Union’s General Data Protection Regulation (GDPR) — but it will not
be effective until December 2020. This is bill number 13.709, also
known as “Lei Geral de Proteção de Dados,” or LGPD.
At this time, a company that suffers a breach is not obliged to
disclose it to the public or the Brazilian government. As a result,
companies deny breaches at all costs. In October 2018, Brazilian
payment-processing company Stone announced a data breach
on the eve of its IPO. It was reported that there was an extortion
attempt, though that detail was not confirmed by the company.
It could have been cybercriminals or just the competition trying
to interfere with the company’s IPO. The same kind of extortion
attempt before an IPO happened in April 2018 against financial-
tech bank Banco Inter.
18. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 17
CYBER THREAT ANALYSIS
Case Study: Law Enforcement Operation Ostentation
One recent Brazilian law enforcement operation, Operation
Ostentation, summarizes how a successful cybercrime enterprise
in Brazil was carried out. The leader of the gang involved, Pablo
Henrique Borges, was arrested on October 11, 2018. According to
law enforcement reports and media, he and his gang were able
to steal 400 million BRL (about 108 million USD) in 18 months.
Borges was 24 years old and was living a life of luxury, with multiple
Lamborghinis and Ferraris and expensive trips and habits. Two
accomplices were also arrested — Rafael Antonio dos Santos and
Matheus Araújo Galvão.
The gang would offer to pay people’s bills with up to a 50 percent
“discount” via WhatsApp or Facebook posts. This is a common
money laundering technique used by Brazilian cybercriminals —
instead of cashing out money from bank accounts, they paid for
bills, receiving a portion of it in an unconnected account.
Cars seized in Operation Ostentation (Operação Ostentação) in October 2018.
19. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 18
CYBER THREAT ANALYSIS
It is still unclear how the gang gained access to the bank accounts —
more than 23,000 in total — in order to pay for the bills. Most likely,
it was with a combination of malware and phishing campaigns.
The person responsible for software development was 24-year-old
Leandro Xavier Magalhães Fernandes. Also from humble origins —
he has a high school degree but no formal education beyond that
— he was responsible for the most important element of the gang’s
business. His ostentatious lifestyle, with a mansion and expensive
cars, attracted attention from the local law enforcement of Goiânia,
GO.
Unfortunately, no information on handles, the malware family,
sample information, or the forum name was released about this
gang. Given the background and profile of the two leaders, it is
unlikely that they obtained foreign malware for this operation and
likely that they developed their own malware.
We do not have further information on this particular law
enforcement operation to make statements on the quality of
malware that was involved. What we know from other operations
and law enforcement opinion is that Brazilian cybercriminals
organize themselves in a structure that resembles terrorist
groups, not criminal organizations. Gangs are organized into cells
— software development, operations, money laundering — in a
way that the disruption of one or more cells does not affect the
business. Operators are notified when an infected user opens a
session and interacts with them to bypass 2FA and other security
controls. In March 2016, Kaspersky described this particular type
of Remote Access Trojan (RAT) that is common in Brazil.
In Brazil, there are very distinct types of hacker groups: “Lammer”
— entry-level hackers in the local slang of web forums — and the
legitimate researchers and hackers. Sometimes, hackers evolve
from web forums, other times they appear to be completely
disconnected from both of these circles. They are simply smart
people with basic software development skills who found a niche
to explore and a way to make money.
20. Recorded Future | www.recordedfuture.com | CTA-2019-0416 | 19
CYBER THREAT ANALYSIS
Outlook
High-level Brazilian hackers will continue to exploit financial
institutions, no matter how rigorous the security controls become.
Desktop security is sufficiently high, but local cybercriminals have
proven that they are capable of successfully bypassing those
controls. However, high desktop security does not mean cybercrime
is deterred.
The majority of Brazilians no longer do their internet banking on
desktops, but on mobile clients. Transfers, one-time passwords,
payments — all major banks allow clients to do practically anything
using a mobile app. This change in behavior has already motivated
change in cybercrime activity. SMS phishing (Smishing), mobile
phishing kits, and malicious mobile applications — the majority
for Android — pretending to be popular apps, such as WhatsApp,
or mobile banking apps have increased in the past few years.
Android exploitation is already a reality in Brazil and this trend
continues, as security hardening for those devices is a challenge.
Another very important aspect to consider is that many Brazilians —
particularly the ones with low income — don’t do internet banking
on desktops simply because they don’t even own a desktop or
laptop.
Use of WhatsApp in the country remains stable. Most likely, this will
continue to be one of the attack vectors for cybercriminals. In 2018,
WhatsApp announced and deployed person-to-person payments
in India in a feature called WhatsApp Payments. According to
WABetaInfo, a news website specializing in WhatsApp news, the
feature will be extended to Brazil, Mexico, and the U.K. in the near
future. It is highly likely that this feature will be exploited in Brazil.
About Recorded Future
Recorded Future arms security teams with the only complete threat intelligence
solution powered by patented machine learning to lower risk. Our technology
automatically collects and analyzes information from an unrivaled breadth of
sources and provides invaluable context in real time and packaged for human
analysis or integration with security technologies.