The document discusses the Brazilian cybercriminal underground in 2015. It describes how young Brazilian cybercriminals are boldly displaying their illegal activities online. It outlines two main types of players - developers who create banking malware and other tools, and operators who use these tools. Popular offerings in the Brazilian underground include banking malware, ransomware, tutorials for learning cybercriminal skills, and the online sale of counterfeit goods and documents that were previously only available on physical black markets. Law enforcement faces challenges in addressing this growing cybercrime problem in Brazil.
Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking C...Felipe Prado
This document analyzes the Brazilian hacking community by exploring capabilities, culture, and organization based on forum posts and interactions. It finds that Brazilian hackers, nicknamed "pirates," are motivated by money and adapt techniques like moving between messaging platforms like Telegram and WhatsApp. Historically, hackers congregated on IRC networks in the 2000s before shifting to modern messengers. Key activities include website defacement, credit card theft, and bypassing banking security controls.
The document discusses the February issue of (IN)SECURE Magazine. It mentions that the issue focuses on Android security and includes articles on web security, shellcode, mobile security, and more. It also notes that the RSA Conference will be held later in February, which the magazine will cover. It provides contact information for the magazine.
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as a managed service provider, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalize access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Also included – technical support. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge needed.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
Ransomware became a major cyberthreat in 2016, especially in the United States. Ransomware payments increased 771% from 2015 to 2016. The healthcare and education industries were among the most affected. In 2017, experts predict that ransomware will continue to spread rapidly across more devices and sectors. New variants will emerge using improved encryption and different delivery methods. Ransomware criminals are expected to make over $5 billion. Strong backups remain the best defense against ransomware attacks.
The document discusses recent ransomware attacks and trends, including attacks against the University of Utah which paid $457K, and Jack Daniels which refused to pay. It notes the average ransom payment has risen to $111K, with Ryuk, Sodinokibi, and Phobos being the most common ransomware. The FBI has softened its stance on paying ransoms. Copycat hackers are using DDoS extortion, while the FritzFrog botnet has bogged down over 500 servers in Europe and North America. Canadian government agencies also saw a credentials breach affecting thousands of accounts.
A LOOK INSIDE THE BRAZILIAN UNDERGROUNDFelipe Prado
The document provides an overview of cybercrime in Brazil, summarizing that:
- Brazilian cybercriminals carry out sophisticated banking Trojans, phishing campaigns, and other cyberattacks that reflect local culture and target Brazilian individuals and institutions.
- Many Brazilian cybercriminals openly flaunt their wealth from stolen funds and live decadent lifestyles, seeing themselves more like "Robin Hood" figures rather than criminals.
- The cybercriminal underground in Brazil is organized, with groups specializing in areas like malware development, spamming, money laundering, and selling stolen data and services on underground forums and marketplaces.
This document provides a summary of key findings from the 2012 Verizon Data Breach Investigations Report (DBIR). Some key findings include:
- 98% of data breaches were caused by external agents like hackers and criminal groups, while only 4% involved internal employees. Hacktivist groups were responsible for 58% of all data theft.
- The most common methods of breaches were hacking (81%) and use of malware (69%). Most targets were targets of opportunity rather than a pre-identified choice.
- 855 incidents were analyzed representing 174 million compromised records. This was higher than the previous year's report of 4 million records compromised.
- Factors that could have helped prevent many
Digital technology has transformed organizational life. Developments in communications, and in information storage and retrieval, to name just two areas, have greatly enhanced the efficiency with which legitimate organizations operate. Unfortunately, the benefits of digital technology are not lost on criminal organizations, which exploit digital technology to enhance the efficiency and effectiveness of their own operations. This paper will discuss the organized criminal exploitation of digital technology, by looking at a number of illustrative cases from Asia and around the world. It will discuss the various types of “conventional†organized crime that can be facilitated by digital technology, as well as terrorism, which itself can be regarded as a special kind of organized criminal activity. One fundamental question that the paper will seek to address is whether the activities of Asian organized crime have become substantively different as a result of technology, or whether traditional organized criminal activities in Asia are merely being conducted on a more efficient and effective basis. The paper will note the transnational nature of much organized criminal activity, and will discuss mechanisms for the control of organized crime in the digital age. Dr. S. Krishnan | Mr Harsh Pratap | Ms Sakshi Gupta "Organised Crime in the Digital Age" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd41185.pdf Paper URL: https://www.ijtsrd.comcomputer-science/computer-security/41185/organised-crime-in-the-digital-age/dr-s-krishnan
Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking C...Felipe Prado
This document analyzes the Brazilian hacking community by exploring capabilities, culture, and organization based on forum posts and interactions. It finds that Brazilian hackers, nicknamed "pirates," are motivated by money and adapt techniques like moving between messaging platforms like Telegram and WhatsApp. Historically, hackers congregated on IRC networks in the 2000s before shifting to modern messengers. Key activities include website defacement, credit card theft, and bypassing banking security controls.
The document discusses the February issue of (IN)SECURE Magazine. It mentions that the issue focuses on Android security and includes articles on web security, shellcode, mobile security, and more. It also notes that the RSA Conference will be held later in February, which the magazine will cover. It provides contact information for the magazine.
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as a managed service provider, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalize access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Also included – technical support. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge needed.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
Ransomware became a major cyberthreat in 2016, especially in the United States. Ransomware payments increased 771% from 2015 to 2016. The healthcare and education industries were among the most affected. In 2017, experts predict that ransomware will continue to spread rapidly across more devices and sectors. New variants will emerge using improved encryption and different delivery methods. Ransomware criminals are expected to make over $5 billion. Strong backups remain the best defense against ransomware attacks.
The document discusses recent ransomware attacks and trends, including attacks against the University of Utah which paid $457K, and Jack Daniels which refused to pay. It notes the average ransom payment has risen to $111K, with Ryuk, Sodinokibi, and Phobos being the most common ransomware. The FBI has softened its stance on paying ransoms. Copycat hackers are using DDoS extortion, while the FritzFrog botnet has bogged down over 500 servers in Europe and North America. Canadian government agencies also saw a credentials breach affecting thousands of accounts.
A LOOK INSIDE THE BRAZILIAN UNDERGROUNDFelipe Prado
The document provides an overview of cybercrime in Brazil, summarizing that:
- Brazilian cybercriminals carry out sophisticated banking Trojans, phishing campaigns, and other cyberattacks that reflect local culture and target Brazilian individuals and institutions.
- Many Brazilian cybercriminals openly flaunt their wealth from stolen funds and live decadent lifestyles, seeing themselves more like "Robin Hood" figures rather than criminals.
- The cybercriminal underground in Brazil is organized, with groups specializing in areas like malware development, spamming, money laundering, and selling stolen data and services on underground forums and marketplaces.
This document provides a summary of key findings from the 2012 Verizon Data Breach Investigations Report (DBIR). Some key findings include:
- 98% of data breaches were caused by external agents like hackers and criminal groups, while only 4% involved internal employees. Hacktivist groups were responsible for 58% of all data theft.
- The most common methods of breaches were hacking (81%) and use of malware (69%). Most targets were targets of opportunity rather than a pre-identified choice.
- 855 incidents were analyzed representing 174 million compromised records. This was higher than the previous year's report of 4 million records compromised.
- Factors that could have helped prevent many
Digital technology has transformed organizational life. Developments in communications, and in information storage and retrieval, to name just two areas, have greatly enhanced the efficiency with which legitimate organizations operate. Unfortunately, the benefits of digital technology are not lost on criminal organizations, which exploit digital technology to enhance the efficiency and effectiveness of their own operations. This paper will discuss the organized criminal exploitation of digital technology, by looking at a number of illustrative cases from Asia and around the world. It will discuss the various types of “conventional†organized crime that can be facilitated by digital technology, as well as terrorism, which itself can be regarded as a special kind of organized criminal activity. One fundamental question that the paper will seek to address is whether the activities of Asian organized crime have become substantively different as a result of technology, or whether traditional organized criminal activities in Asia are merely being conducted on a more efficient and effective basis. The paper will note the transnational nature of much organized criminal activity, and will discuss mechanisms for the control of organized crime in the digital age. Dr. S. Krishnan | Mr Harsh Pratap | Ms Sakshi Gupta "Organised Crime in the Digital Age" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd41185.pdf Paper URL: https://www.ijtsrd.comcomputer-science/computer-security/41185/organised-crime-in-the-digital-age/dr-s-krishnan
The document summarizes McAfee's Threats Report for the third quarter of 2013. Some key points:
- Mobile malware increased 33% while overall new malware exceeded 20 million. New ransomware and rootkits also rose.
- Digital currencies like Bitcoin are increasingly used by cybercriminals for money laundering and anonymous transactions on dark web markets. The shutdown of Silk Road prompted new illegal sites.
- The "Deep Web" contains unregulated online markets selling illegal drugs, weapons, credit cards, and even murder-for-hire services accessible through Tor and paid with Bitcoin.
- Hacktivism and political hacking increased, while spam volume reached its highest level since 2010. Browser
Supersized Security Threats – Can You Stop 2016 from Repeating?Valerie Lanzone
2016 was a year in which everything was bigger – bigger breaches, larger attacks, and bigger repercussions. Whether it was the evolution of DDoS attacks into the record-shattering Mirai botnet that disrupted large portions of the internet or insidious commercial banking Trojans available for sale as ready-made malware kits, the tone of cyberattacks darkened in 2016 while illuminating one key fact: many companies are not applying basic security fundamentals to their IT environments.
Attend this webinar to learn:
The top-level security trends from 2016, and what it could mean for 2017, including the political and intellectual property concerns stemming from large-scale data leaks
Why classic attack vectors continue to be a weapon of choice for those seeking to disrupt operations and steal data
Why a lower attack rate for the average security client may not be good news
What steps your organization can take to protect against these attacks
2009 10 21 Rajgoel Trends In Financial CrimesRaj Goel
The document summarizes trends in various types of financial crimes including data breaches, identity theft, mortgage fraud, and other cybercrimes from 2005 to 2009. It discusses specific cases like the Sony rootkit scandal and fraud involving forged deeds and stolen identities that resulted in people losing their homes. The document also mentions the large economic impact of crimes like telemarketing fraud and the growing problem of botnets and zombie computers being used to steal data and money.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
The report summarizes McAfee's findings on cyber threats from the first quarter of 2010. Key points include:
- Spam volumes returned to mid-2008 levels after declining in late 2009. Pill and male enhancement messages made up over 70% of spam.
- Different types of spam were most common in different countries. For example, malware and drugs messages were popular from China while 419 scams and watches messages came mostly from Nigeria.
- Attacks continued to target popular software like Adobe Reader and Microsoft Internet Explorer. Cybercriminals also increasingly targeted social media like Facebook.
- Major cyberattacks in the quarter included Operation Aurora, which compromised many large companies by targeting software vulnerabilities.
The document discusses software backdoors and their ethical implications. It begins by defining a backdoor as an intentional security flaw that allows unauthorized access. It then examines why backdoors are concerning, providing examples like the Clipper Chip and the San Bernardino case. Both sides of the argument are presented, with concerns over backdoors including precedent for misuse and the case for including enabling surveillance. The document concludes by discussing ethical viewpoints like egoism and Kantianism as they apply to the issues raised around software backdoors.
The FBI is the lead federal agency for investigating malicious cyber activity by criminals, nation-state adversaries, and terrorists. To fulfill this mission, the FBI often develops resources to enhance operations and collaboration. One such resource is the FBI’s Internet Crime Complaint Center (IC3) which provides the public with a trustworthy and convenient mechanism for reporting information concerning suspected Internet-facilitated criminal activity. At the end of every year, the IC3 collates information collected into an annual report.
Credit is due to all original authors and no financial gain was made from the blog, Simply sharing an interesting story for educational purposes,
Consumers care deeply about privacy but take few steps to protect themselves. Most Americans want control over their personal data and what is collected about them, yet few change their online behaviors to avoid tracking. Stolen identities and data records are frequently bought and sold on the dark web, with social security numbers sold for just $1. The average cost of a data breach for large companies is $6.5 million. As more devices and records are connected, privacy risks grow substantially without comprehensive privacy laws or protections.
This document discusses the growing threat of ransomware cybercrime. It describes how ransomware works by encrypting files and demanding payment, usually in bitcoin, to decrypt them. Ransomware attacks are increasingly targeting state and local governments, police departments, hospitals, and other organizations. While preventing and prosecuting ransomware attacks is difficult, organizations like the Multi-State Information Sharing and Analysis Center work to help state and local governments strengthen their cybersecurity and detect ransomware and other malware threats.
The document summarizes cyber threat trends in 2018 according to a Symantec report. It saw a rise in formjacking attacks that steal payment card data, though cryptojacking activity declined along with cryptocurrency values. Ransomware infections decreased overall but rose for enterprises. Living off the land attacks using tools like PowerShell increased substantially. Targeted attacks grew more sophisticated with groups targeting operational systems and destructive malware.
The DarkNet is the hidden part of the internet that lies below the surface of the regular internet and represents 96% of total internet content. It can only be accessed using specialized software like Tor and is used to anonymously facilitate illegal activities such as weapons, drugs and child pornography trades. Human intelligence is needed to effectively monitor the DarkNet since automated tools have limitations in analyzing unstructured data and discerning critical information. Cyber intelligence analysts have used human techniques like social engineering and threat profiling on the DarkNet to help law enforcement prevent terrorist attacks and identify compromised systems and stolen information. The application of human intelligence collection is essential to having a comprehensive approach to cybersecurity issues emerging from the DarkNet.
In 2017, there were over 1,765 data breach incidents compromising over 2.6 billion records. The largest breaches stemmed from poor security practices and accidental data exposures, rather than external hacking attacks. Notable breaches included the Equifax breach of 147 million Americans' personal data due to unpatched vulnerabilities, and accidental exposures of personal data by Deep Root Analytics, River City Media, and Alteryx due to misconfigured cloud storage settings. Looking ahead, new regulations like the EU's GDPR have the potential to increase transparency around data breaches.
- Cybersecurity risks are a growing concern for organizations as high-profile data breaches continue to occur globally, exposing millions of customer records. Common causes of breaches include targeted emails, virus/malware infections, and human error.
- Traditional perimeter-based security defenses are no longer sufficient as attackers become more sophisticated. Organizations need to rely on tools that monitor behavior and enable rapid response, but many have not implemented these.
- Internal audit can play a key role by integrating cybersecurity into audit plans, increasing board engagement, and helping organizations assess and strengthen their ability to identify, assess, and mitigate cybersecurity risks. Regular breach detection audits and reviews of third-party access are also recommended.
This brief presentation gives you a quick overview on how the Cyber Threat Landscape is shaping up in 2017 for individuals and business owners alike. It puts forth some important trends and predictions.
The online shadow economy refers to the criminal black market on the internet. It is worth over $105 billion globally and involves tens of thousands of specialized participants. Malware authors can produce new, unique malware every 45 seconds to stay ahead of detection methods. The shadow economy operates like a legitimate economy, with various criminal roles specialized in activities like malware creation, distribution, identity theft, and money laundering.
Network Insights of Dyre and Dridex Trojan BankersBlueliv
This document summarizes research on the Dyre and Dridex banking Trojans. It describes how they infect systems through malicious emails and documents containing macros or URLs. Both Trojans communicate with command and control servers over an encrypted peer-to-peer network to steal credentials, transfer funds, and avoid detection. The analysis provides insight into the complex architecture that allows these botnets to operate resiliently on a global scale.
The document summarizes McAfee's Threats Report for the third quarter of 2013. Some key points:
- Mobile malware increased 33% while overall new malware exceeded 20 million. New ransomware and rootkits also rose.
- Digital currencies like Bitcoin are increasingly used by cybercriminals for money laundering and anonymous transactions on dark web markets. The shutdown of Silk Road prompted new illegal sites.
- The "Deep Web" contains unregulated online markets selling illegal drugs, weapons, credit cards, and even murder-for-hire services accessible through Tor and paid with Bitcoin.
- Hacktivism and political hacking increased, while spam volume reached its highest level since 2010. Browser
Supersized Security Threats – Can You Stop 2016 from Repeating?Valerie Lanzone
2016 was a year in which everything was bigger – bigger breaches, larger attacks, and bigger repercussions. Whether it was the evolution of DDoS attacks into the record-shattering Mirai botnet that disrupted large portions of the internet or insidious commercial banking Trojans available for sale as ready-made malware kits, the tone of cyberattacks darkened in 2016 while illuminating one key fact: many companies are not applying basic security fundamentals to their IT environments.
Attend this webinar to learn:
The top-level security trends from 2016, and what it could mean for 2017, including the political and intellectual property concerns stemming from large-scale data leaks
Why classic attack vectors continue to be a weapon of choice for those seeking to disrupt operations and steal data
Why a lower attack rate for the average security client may not be good news
What steps your organization can take to protect against these attacks
2009 10 21 Rajgoel Trends In Financial CrimesRaj Goel
The document summarizes trends in various types of financial crimes including data breaches, identity theft, mortgage fraud, and other cybercrimes from 2005 to 2009. It discusses specific cases like the Sony rootkit scandal and fraud involving forged deeds and stolen identities that resulted in people losing their homes. The document also mentions the large economic impact of crimes like telemarketing fraud and the growing problem of botnets and zombie computers being used to steal data and money.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
The report summarizes McAfee's findings on cyber threats from the first quarter of 2010. Key points include:
- Spam volumes returned to mid-2008 levels after declining in late 2009. Pill and male enhancement messages made up over 70% of spam.
- Different types of spam were most common in different countries. For example, malware and drugs messages were popular from China while 419 scams and watches messages came mostly from Nigeria.
- Attacks continued to target popular software like Adobe Reader and Microsoft Internet Explorer. Cybercriminals also increasingly targeted social media like Facebook.
- Major cyberattacks in the quarter included Operation Aurora, which compromised many large companies by targeting software vulnerabilities.
The document discusses software backdoors and their ethical implications. It begins by defining a backdoor as an intentional security flaw that allows unauthorized access. It then examines why backdoors are concerning, providing examples like the Clipper Chip and the San Bernardino case. Both sides of the argument are presented, with concerns over backdoors including precedent for misuse and the case for including enabling surveillance. The document concludes by discussing ethical viewpoints like egoism and Kantianism as they apply to the issues raised around software backdoors.
The FBI is the lead federal agency for investigating malicious cyber activity by criminals, nation-state adversaries, and terrorists. To fulfill this mission, the FBI often develops resources to enhance operations and collaboration. One such resource is the FBI’s Internet Crime Complaint Center (IC3) which provides the public with a trustworthy and convenient mechanism for reporting information concerning suspected Internet-facilitated criminal activity. At the end of every year, the IC3 collates information collected into an annual report.
Credit is due to all original authors and no financial gain was made from the blog, Simply sharing an interesting story for educational purposes,
Consumers care deeply about privacy but take few steps to protect themselves. Most Americans want control over their personal data and what is collected about them, yet few change their online behaviors to avoid tracking. Stolen identities and data records are frequently bought and sold on the dark web, with social security numbers sold for just $1. The average cost of a data breach for large companies is $6.5 million. As more devices and records are connected, privacy risks grow substantially without comprehensive privacy laws or protections.
This document discusses the growing threat of ransomware cybercrime. It describes how ransomware works by encrypting files and demanding payment, usually in bitcoin, to decrypt them. Ransomware attacks are increasingly targeting state and local governments, police departments, hospitals, and other organizations. While preventing and prosecuting ransomware attacks is difficult, organizations like the Multi-State Information Sharing and Analysis Center work to help state and local governments strengthen their cybersecurity and detect ransomware and other malware threats.
The document summarizes cyber threat trends in 2018 according to a Symantec report. It saw a rise in formjacking attacks that steal payment card data, though cryptojacking activity declined along with cryptocurrency values. Ransomware infections decreased overall but rose for enterprises. Living off the land attacks using tools like PowerShell increased substantially. Targeted attacks grew more sophisticated with groups targeting operational systems and destructive malware.
The DarkNet is the hidden part of the internet that lies below the surface of the regular internet and represents 96% of total internet content. It can only be accessed using specialized software like Tor and is used to anonymously facilitate illegal activities such as weapons, drugs and child pornography trades. Human intelligence is needed to effectively monitor the DarkNet since automated tools have limitations in analyzing unstructured data and discerning critical information. Cyber intelligence analysts have used human techniques like social engineering and threat profiling on the DarkNet to help law enforcement prevent terrorist attacks and identify compromised systems and stolen information. The application of human intelligence collection is essential to having a comprehensive approach to cybersecurity issues emerging from the DarkNet.
In 2017, there were over 1,765 data breach incidents compromising over 2.6 billion records. The largest breaches stemmed from poor security practices and accidental data exposures, rather than external hacking attacks. Notable breaches included the Equifax breach of 147 million Americans' personal data due to unpatched vulnerabilities, and accidental exposures of personal data by Deep Root Analytics, River City Media, and Alteryx due to misconfigured cloud storage settings. Looking ahead, new regulations like the EU's GDPR have the potential to increase transparency around data breaches.
- Cybersecurity risks are a growing concern for organizations as high-profile data breaches continue to occur globally, exposing millions of customer records. Common causes of breaches include targeted emails, virus/malware infections, and human error.
- Traditional perimeter-based security defenses are no longer sufficient as attackers become more sophisticated. Organizations need to rely on tools that monitor behavior and enable rapid response, but many have not implemented these.
- Internal audit can play a key role by integrating cybersecurity into audit plans, increasing board engagement, and helping organizations assess and strengthen their ability to identify, assess, and mitigate cybersecurity risks. Regular breach detection audits and reviews of third-party access are also recommended.
This brief presentation gives you a quick overview on how the Cyber Threat Landscape is shaping up in 2017 for individuals and business owners alike. It puts forth some important trends and predictions.
The online shadow economy refers to the criminal black market on the internet. It is worth over $105 billion globally and involves tens of thousands of specialized participants. Malware authors can produce new, unique malware every 45 seconds to stay ahead of detection methods. The shadow economy operates like a legitimate economy, with various criminal roles specialized in activities like malware creation, distribution, identity theft, and money laundering.
Network Insights of Dyre and Dridex Trojan BankersBlueliv
This document summarizes research on the Dyre and Dridex banking Trojans. It describes how they infect systems through malicious emails and documents containing macros or URLs. Both Trojans communicate with command and control servers over an encrypted peer-to-peer network to steal credentials, transfer funds, and avoid detection. The analysis provides insight into the complex architecture that allows these botnets to operate resiliently on a global scale.
Discuss similarities and differences between and Trojan.docxwrite12
Viruses, worms, and Trojan horses are types of malware that pose threats to computers and users in different ways. Viruses require human action to spread, like opening an infected file, while worms can spread automatically between devices without user interaction. Trojan horses also require user involvement by disguising themselves as legitimate files or programs to gain access to systems. Each type of malware allows attackers to access systems for purposes like stealing data, spying, or launching other attacks.
Discuss similarities and differences between and Trojan.docxbkbk37
Viruses, worms, and Trojan horses are types of malware that pose threats to computers and networks in different ways. Viruses require human action to spread, usually by infecting files, while worms can spread automatically through networks. Trojan horses conceal malicious functions within seemingly harmless programs. Cyberattacks have become easier to carry out remotely without risk of detection, as seen in ransomware attacks against organizations, while attribution of attacks to specific actors remains difficult.
Software piracy involves illegally copying or distributing copyrighted software without permission from the copyright holder. It deprives software companies of significant earnings each year from lost sales. Some of the most commonly pirated software titles in 2007 included Norton Anti-Virus, Adobe Photoshop, and AutoCAD. While software piracy may seem like a victimless crime, it negatively impacts both individuals and society by potentially exposing people to malware, costing jobs, raising legal software prices, and undermining the creative work of software developers. Individuals can help address this issue by educating themselves and others, reporting known cases of piracy, and only using properly licensed software.
The document discusses several topics:
1) The February issue of (IN)SECURE Magazine focuses on Android security, thoughts from Facebook's CSO, and the creator of Metasploit. It also covers web, mobile, and shellcode security.
2) The editor looks forward to attending the upcoming RSA Conference to cover news, meet with companies and readers, and discover new technologies on the expo floor. Readers are advised they may be featured if photographed.
3) Contact details are provided for the magazine's editor, managing editor, marketing director, and distribution terms are stated.
Cybercrime poses a significant and growing threat to the mortgage industry and other businesses. Criminals are targeting consumer financial information through cyber attacks on companies, and the scale of cybercrime now exceeds the illegal drug trade with estimated annual profits of $100 billion. While many businesses have been slow to adopt security standards, the mortgage industry and LOS providers in particular must take steps to protect borrower data, such as obtaining cyber liability insurance and undergoing independent security audits. As technology continues to evolve, cybercriminals will as well, requiring ongoing vigilance to safeguard against new threats.
Technical development is what most people think of when they think of attackers. This aspect of hacking requires computer-savvy actors performing development activities that include research to find zero-day vulnerabilities, development of exploits for these vulnerabilities, and tools to automate the different pieces of a hack (bot-nets, data exfiltration, etc.).
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
Introduction
Attackers are sophisticated. They are organized. We hear these statements a lot but what
do they mean to us? What does it mean to our businesses? When we dig deeper into the
“business of hacking,” we see that the attackers have become almost corporate in their behavior.
Their business looks a lot like ours. Cyber criminals look to maximize their profits and minimize
risk. They have to compete on quality, customer service, price, reputation, and innovation. The
suppliers specialize in their market offerings. They have software development lifecycles and
are rapidly moving to Software as a Service (SaaS) offerings. Our businesses overlap in so many
ways that we should start to look at these attackers as competitors.
This paper will explore the business of hacking: the different ways people make money by
hacking, the motivations, the organization. It will break down the businesses’ profitability and
risk levels, and provide an overall SWOT analysis. From this, opportunities for disruption will be
discussed and a competitive approach for disrupting the business of hacking will be laid out.
The information in this paper draws on data and observations from HPE Security teams, open
source intelligence, and other industry reports as noted.
Whether building in enterprise security or applying security intelligence and advanced analytics,
we can use our understanding of the business of hacking and the threats to our specific
businesses to ensure that we are investing in the most effective security strategy.
A Joint Study by National University of Singapore and IDCMicrosoft Asia
This document summarizes the key findings of a study on the link between pirated software and cybersecurity breaches:
1) The study found that consumers and enterprises have a 33% chance of encountering malware when obtaining pirated software or buying a PC with pirated software pre-installed. A forensic analysis of 203 PCs found 61% were infected with malware.
2) Consumers will spend $25 billion dealing with security issues caused by malware on pirated software in 2014. Enterprises will spend $491 billion, with $315 billion resulting from criminal organizations' activities.
3) Asia Pacific will incur over 40% of worldwide consumer losses and over 45% of enterprise losses from malware on pir
Lesson iv on fraud awareness (cyber frauds)Kolluru N Rao
1. This document provides an overview of cyber crimes and fraud, defining key terms like fraud, cyber crimes, and social engineering.
2. It describes common types of cyber crimes such as phishing, smishing, vishing, and synthetic identity theft. Cyber stalking, hacking, viruses, and ransomware attacks are also outlined.
3. Safety tips are provided to help prevent people from becoming victims of cyber crimes, including using strong passwords, avoiding public WiFi for financial transactions, and reporting any suspected criminal activity to the police.
1. The document discusses various types of cyber crimes and frauds, providing definitions and examples. It covers topics like social engineering, phishing, cyber stalking, ransomware attacks, and viruses.
2. Types of fraud discussed include COVID-19 related scams, synthetic identity theft, and cyber warfare. Social engineering, phishing emails, SMS phishing ("smishing"), and phone phishing ("vishing") are described as common techniques used.
3. Details are given on how different cyber crimes are carried out, including stages of cyber attacks, how synthetic identities are created, and how viruses and trojans can infiltrate systems covertly. A wide range of attacks targeting individuals and organizations are outlined
Cyber crime is a growing problem as more activities move online. There are many types of cyber crimes, including hacking, identity theft, and cyberbullying. Cyber criminals operate in organized networks similar to businesses, with different roles like leaders, engineers, and money mules. They are motivated by profit and use various technical methods and resources to attack networks and systems. Governments struggle to combat cyber crime due to its global and anonymous nature online.
Article is your organisation ready for the next ransomware attack - paul wr...Paul Wright MSc
May 2020 – Paul Wright authour of the Article in the CXO Insight Middle East
"Is Your Organisation Ready For The Next Ransomware Attack?"
https://bit.ly/3tzwC6o
This document is a report on cyber crime submitted by a student. It begins with an acknowledgement and abstract. The report categorizes cyber crimes as those against individuals, property, or government. It describes various types of cyber crimes like hacking, theft, cyber stalking, and cyber terrorism. It discusses some notable cyber attacks in history like the "I love you" worm in 2000 and Conficker worm in 2007 that caused billions in damages. The report aims to provide an overview of the broad topic of cyber crime.
Natalie Acevedo is pursuing a Bachelors of Fine Arts in Graphic Design from Sanford-Brown College in San Antonio, Texas. She has 5 years of experience creating logos for private companies using both traditional art and design software. Her technical skills include branding, identity design, typography, and print/digital advertisements. Her work experience includes freelance graphic design projects and retail jobs at Tuesday Morning and Macy's.
Natalie Acevedo is pursuing a Bachelors of Fine Arts in Graphic Design from Sanford-Brown College in San Antonio, Texas. She has 5 years of experience creating logos for private companies using both traditional art and design software. Her technical skills include branding, identity design, typography, and print/digital advertisements. Her work experience includes freelance graphic design work and retail jobs at Tuesday Morning and Macy's.
This document provides an overview of cyber crime case studies from India and around the world. It begins with definitions of common cyber crime terms like malware, phishing, denial of service attacks, and unauthorized access. It then discusses the growth of cyber crime as a $105 billion business that now surpasses the illegal drug trade. Several case studies from India are presented that illustrate crimes like insulting images posted online and financial fraud. The document concludes with a section on cyber crime convictions and judgments in India.
Similar to The Brazilian Cybercriminal Underground in 2015 (20)
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryFelipe Prado
The document discusses strategies for red teaming Active Directory security. It begins with an overview of Active Directory components and how they can be exploited by attackers. It then covers offensive PowerShell techniques and how PowerShell security can be bypassed. The document also provides methods for effective Active Directory reconnaissance, including discovering administrator accounts and network assets without port scanning. Finally, it discusses some Active Directory defenses that can be deployed and potential bypass techniques.
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...Felipe Prado
The document discusses vulnerabilities found in seismological network devices that could allow remote exploitation. It begins with a disclaimer and agenda. The speakers are then introduced as researchers from Costa Rica who were interested in these networks due to potential attack scenarios. Through a search engine, they discovered vulnerabilities in devices from multiple vendors. The talk demonstrates taking control of a device and outlines impacts such as sabotage. Recommendations are made to vendors to improve security of these critical scientific instruments.
DEF CON 24 - Tamas Szakaly - help i got antsFelipe Prado
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms for those who already suffer from conditions like anxiety and depression.
DEF CON 24 - Ladar Levison - compelled decryptionFelipe Prado
This document appears to be a preview of slides for a presentation at DEF CON 24 about compelled decryption. The slides discuss the difference between first and third parties in communications and the Communications Assistance for Law Enforcement Act. It also lists several third parties like technology companies and individuals that could potentially be compelled to decrypt communications. The document indicates that it is a preliminary version and the slides may be altered before the actual presentation.
Deep learning systems are susceptible to adversarial manipulation through techniques like generating adversarial samples and substitute models. By making small, targeted perturbations to inputs, an attacker can cause misclassifications or reduce a model's confidence without affecting human perception of the inputs. This is possible due to blind spots in how models learn representations that are different from human concepts. Defending against such attacks requires training models with adversarial techniques to make them more robust.
DEF CON 24 - Chris Rock - how to overthrow a governmentFelipe Prado
This document outlines various strategies and tactics for overthrowing a government through covert and clandestine means, including cyber espionage, propaganda, agitation of public unrest, sabotage of critical infrastructure, and manipulation of financial systems. It discusses using mercenaries and private intelligence agencies to carry out these activities at an arm's length from sponsorship by nation states. Specific examples from Kuwait in 2011 are referenced to illustrate techniques for fomenting revolution through cyber and information operations.
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareFelipe Prado
This document discusses various ways that hardware can become "bricked", or rendered unusable, through both software and hardware issues. It covers 101 different bricking scenarios across firmware, printed circuit boards, connectors, integrated circuits, and unexpected situations. Examples include wiping firmware, damaging traces on PCBs, breaking solder joints on connectors, applying too much voltage to ICs, and devices being bricked by environmental factors. The document provides tips for both bricking and avoiding bricking hardware, as well as techniques for potentially unbricking devices.
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...Felipe Prado
This document provides an overview of a talk on novel USB attacks that can provide remote command and control of even air-gapped machines with minimal forensic footprint. It describes building an open-source toolset using freely available hardware that implements a stealthy bi-directional communication channel over USB using a keyboard/mouse and generic HID profiles to deploy payloads and proxy traffic without touching the network. The talk will demonstrate attacking Windows systems by staging payloads in memory to avoid disk artifacts and establishing a VNC session without user interaction or malware deployment. Source code and documentation for the toolset, called USaBUSe, will be released on GitHub at Defcon.
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
The document discusses common challenges and failures that can occur when conducting phishing campaigns professionally. It outlines eleven stories of phishing failures caused by issues like poor scheduling, spam filters blocking emails, not having enough target email addresses, domain name choices being too obvious, and lack of communication. For each failure, it provides recommendations on how to avoid the problem by improving collaboration, communication, planning and negotiation with the client organization. The overall message is that success requires treating phishing engagements as multi-party negotiations and managing expectations through clear communication and involvement of all stakeholders.
The document discusses vulnerabilities found in human-machine interface (HMI) solutions used for industrial control systems. It details a case study of multiple stack-based buffer overflow vulnerabilities found in Advantech WebAccess through an RPC service that could allow remote code execution. The vulnerabilities were caused by improper validation of user-supplied input to functions like sprintf and strcpy. While patches were released, analysis showed the fixes did not fully address the underlying problems with input handling.
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistFelipe Prado
This document summarizes tool-assisted speedruns (TAS) of video games. It discusses how emulators and tools are used to play games faster than humanly possible by deterministically recording every input. Advanced techniques like memory searching and scripting push games to their limits. Console verification devices were developed to play back TAS movies on original hardware. The document argues that TAS tools are like penetration testing tools and can be used to find and exploit vulnerabilities in games. It demonstrates an arbitrary code execution in Pokemon Red using an unintended opcode execution.
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksFelipe Prado
This document shows a graph with distance on the x-axis ranging from 0 to 35 meters and Received Signal Strength (RSS) in dBm on the y-axis ranging from -100 to -40 dBm. The graph contains a line for a model with a path loss exponent of 2.0 as well as scattered data points representing collected RSS measurements.
This document provides an overview of a hands-on, turbocharged pragmatic cloud security training that covers topics in a fraction of the normal time by slimming down four days of material into four hours. It will cover configuring production-quality AWS accounts, building deployment pipelines, and automating security controls. Most examples will use Ruby and Python. Nearly all labs will be in AWS. There will be minimal slides and hand-holding. Participants are responsible for their own AWS bills after the training.
DEF CON 24 - Grant Bugher - Bypassing captive portalsFelipe Prado
The document discusses the results of a study on the impact of COVID-19 lockdowns on air pollution. Researchers analyzed data from dozens of countries and found that lockdowns led to an average decline of nearly 30% in nitrogen dioxide levels over cities. However, they also observed that this improvement was temporary and air pollution rebounded once lockdowns were lifted as vehicle traffic increased again. The short-term reductions could help policymakers design better emission control strategies in the future.
DEF CON 24 - Patrick Wardle - 99 problems little snitchFelipe Prado
Little Snitch is a host-based firewall for macOS that intercepts connection attempts and allows the user to approve or deny them. The document discusses understanding, bypassing, and reversing Little Snitch. It provides an overview of Little Snitch's components and architecture, describes several methods for bypassing its network filtering, and examines techniques for interacting with and disabling Little Snitch's kernel extension through the I/O Kit framework.
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...Felipe Prado
The document summarizes two presentations on cracking electronic safe locks. It discusses cracking a Sargent & Greenleaf 6120 safe lock by using a power analysis side-channel attack to recover the keycode stored in clear in the lock's EEPROM. It also discusses cracking a Sargent & Greenleaf Titan PivotBolt safe lock by using a timing side-channel attack to recover the keycode, and defeating the lock's incorrect code lockout feature.
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksFelipe Prado
This document discusses hacking heavy trucks and related networking protocols. It describes building a "Truck-in-a-Box" simulator to experiment with truck electronics and protocols like J1939 and J1708. The document outlines adventures in truck hacking, including modifying engine parameters, impersonating an engine control module, and exploiting bad cryptography. Details are provided on new hardware tools like the Truck Duck for analyzing truck communication networks.
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
The document provides an overview of a workshop on practical Android application exploitation. The workshop aims to teach skills for performing reverse engineering, static and dynamic testing, and binary analysis of Android applications. It will use demonstrations and hands-on exercises with custom applications like InsecureBankv2. The workshop focuses on discovery and remediation, targeting intermediate to advanced skill levels. It will cover tools, techniques, and common vulnerabilities to exploit Android applications.
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncFelipe Prado
The document discusses vulnerabilities in VNC implementations that allow unauthenticated access. It notes that a scan of the internet found over 335,000 VNC servers, with around 8,000 having no authentication. This lack of authentication allows attackers to access and "pivot" into internal networks. The document provides statistics on different VNC protocol versions found and describes exploits that could allow compromising devices to access additional internal systems through insecure VNC implementations and proxies.
DEF CON 24 - Antonio Joseph - fuzzing android devicesFelipe Prado
Droid-FF is an Android fuzzing framework that aims to automate the fuzzing process on Android devices. It uses Python scripts and integrates fuzzing tools like Peach and radamsa to generate test case data. The framework runs fuzzing campaigns on Android devices, processes the logs to identify crashes, verifies the crashes are unique, maps crashes to source code locations, and analyzes crashes for exploitability using a GDB plugin. The goal of Droid-FF is to make fuzzing easier on mobile devices and help find more crashes and potential vulnerabilities in Android applications and frameworks.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
2. TREND MICRO LEGAL DISCLAIMER
The information provided herein is for general information
and educational purposes only. It is not intended and
should not be construed to constitute legal advice. The
information contained herein may not be applicable to all
situations and may not reflect the most current situation.
Nothing contained herein should be relied on or acted
upon without the benefit of legal advice based on the
particular facts and circumstances presented and nothing
herein should be construed otherwise. Trend Micro
reserves the right to modify the contents of this document
at any time without prior notice.
Translations of any material into other languages are
intended solely as a convenience. Translation accuracy
is not guaranteed nor implied. If any questions arise
related to the accuracy of a translation, please refer to
the original language official version of the document. Any
discrepancies or differences created in the translation are
not binding and have no legal effect for compliance or
enforcement purposes.
Although Trend Micro uses reasonable efforts to include
accurate and up-to-date information herein, Trend Micro
makes no warranties or representations of any kind as
to its accuracy, currency, or completeness. You agree
that access to and use of and reliance on this document
and the content thereof is at your own risk. Trend Micro
disclaims all warranties of any kind, express or implied.
Neither Trend Micro nor any party involved in creating,
producing, or delivering this document shall be liable
for any consequence, loss, or damage, including direct,
indirect, special, consequential, loss of business profits,
or special damages, whatsoever arising out of access to,
use of, or inability to use, or in connection with the use of
this document, or any errors or omissions in the content
thereof. Use of this information constitutes acceptance for
use in an “as is” condition.
Contents
Underground players
4
Brazilian underground
offerings
8
Challenges ahead
28
3. The fastest route to cybercriminal superstardom can be found in Latin
America, particularly in Brazil. Any criminal aspirant can gain overnight
notoriety with just a little bit of moxie and the right tools and training,
which come in abundance in the country’s untamed underground.
This past year, we observed an influx of new players in the scene. Most
of them are young and bold individuals with no regard for the law. Unlike
their foreign counterparts, they do not rely so much on the Deep Web for
transactions. They exhibit blatant disregard for the law by the way they
use the Surface Web, particularly popular social media sites like Facebook™
and other public forums and apps. Using online aliases on these sites, they
make names for themselves, flagrantly showing off all the spoils of their
own mini operations. Although they share what they know to peers, they
mostly work independently, trying to outdo the competition and ascend the
ranks to become the top players in their chosen fields.
Online banking is their biggest target; this makes banking malware and
respective how-to tutorials prevalent. This trend remains consistent with
what we reported two years ago1
. But since then, new offerings have also
sprouted, including localized ransomware and personally identifiable
information (PII)-querying services. Illegal goods that were only peddled in
Brazil’s backstreets have likewise crossed over to the underground. Anyone
can now purchase counterfeit money and fake diplomas online.
The brazenness of cybercriminal operations should come as no surprise.
Brazilian law enforcement agencies already have a lot on their plate; budding
criminals online are only additions to their list of challenges. Although they
have started investing in the fight against this growing problem, will their
efforts be enough to at least slow down its pace?
5. 5 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Underground players
Brazilian cybercriminals operate either solo or in groups, though more often than not, they prefer to work
individually. They can be classified under two main categories—developers and operators.
Developers are educated individuals who turned cybercrime into a lucrative job. They aid their fellow
cybercriminals, in a way, by providing malware that they themselves created. Unlike cybercriminals in
other regions, they do not use the Deep Web as much. As stated earlier, Brazilian cybercriminals have little
to no regard for law enforcement. Their audacity allows them to take their operations to the Surface Web.
They use publicly accessible social networking platforms like Facebook, Twitter™, YouTube™, Skype™,
and WhatsApp™, as well as Internet Relay Chat (IRC), TorChat, and forums for business transactions.
Operators, meanwhile, purchase malicious wares from developers and try to profit by using them against
certain targets.
Developers
Typical developers are young and have a working knowledge of creating software. More often than not,
they are students who picked up their skills in school. Ease of access to malware training and tools, along
with their current financial circumstances, could be some of the factors that drove them to start venturing
into the underground. The weakness of Brazil’s laws against cybercrime also made them bold enough to
even publicly advertise their success.
One such developer is the notorious 20-year-old Lordfenix2
whom we profiled in June 2015. This computer
science student was able to build more than 100 banking Trojans that can bypass Brazilian banks’ security
measures. This has earned him a reputation as one of the country’s top banking malware creators. He
supposedly started developing his own malware when he was still in high school and remains an active
underground player to date.
6. 6 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 1: Lordfenix telling his friends he has to study for the Exame Nacional do
Ensino Médio (ENEM), which is the equivalent of the SAT in the United States (US)
Figure 2: Message with the subject, “Warning: Vacation has ended,” that Lordfenix sends
to his malware operators; this could mean he can work more on his malicious creations
Figure 3: Lordfenix’s post boasting of his Trojan’s success
7. 7 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
We investigated another professional developer known as “Anntrax” who publicly posted a video
advertising a banking Trojan that he created. He remains an active underground player to date. A screen
capture of his computer shows that he uses disk partitions, which amateur computer users may not know.
Particularly interesting was his TRABALHO (Portuguese for “work”) partition, which apparently contained
several directories for malicious creations like keyloggers, crypters, and exploit kits.
Figure 4: Different directories in Anntrax’s TRABALHO partition
(Note that this was captured from a publicly accessible video.)
Operators
Unlike developers who sell their creations to fellow cybercriminals, operators interface with actual victims.
They buy malware from developers or rent cybercriminal infrastructure via the crime-as-a-service (CaaS)
business model. Their modus operandi vary, depending on how they use the wares they purchase.
The cybercriminal behind FighterPoS3
is an operator. Law enforcement agencies can more easily catch
operators but have a harder time tracking down malware developers.
In August 2015, the Goiás State Civil Police arrested 20 people who were involved in bank card cloning
and other kinds of fraud4
. Those arrested reportedly stole a total of US$200,000.
9. 9 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Brazilian underground
offerings
The Brazilian underground is still heavily congested with banking malware, which could be largely attributed
to the continued popularity of online banking5
in the country. A few additional offerings like multiplatform
and local-flavored (made in Brazil and uses Portuguese) ransomware, modified Android™ apps, and PII-
related services. Tutorials remain popular since they help cybercrime newbies learn important tricks of the
trade. Some trainers could also be using these courses to recruit gang members.
Typical criminal modus operandi seen in the backstreets of Brazil have gone digital and are currently
making waves in the country’s underground market. We have, for instance, seen fake diplomas and
counterfeit money for sale.
Latest market entrants
Ransomware
Ransomware’s massive success and continued prevalence worldwide6
make them a very important tool in
any cybercriminal’s arsenal. It was really just a matter of time before Brazilian cybercriminals created their
own version of the malware, given their effectiveness.
For US$3,000 or 9 BTC, cybercriminals can use an unlimited number of multiplatform ransomware from
the seller’s arsenal in a span of a week. These threats run on Windows®, Linux®, Android, iOS™, and OS
X™ devices. They encrypt .JPG, .PNG, .GIF, .PDF, .TXT, .SQL, .DOC, .XLS, .HTML, .HTM, .XHTML, .BMP,
and .PHP files using Triple Data Encryption Standard (DES) (3DES), Advanced Encryption Standard (AES),
DES, or Rivest Cipher 4 (RC4).
10. 10 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 5: For 9 BTC per week, cybercriminals can use the ransomware of their choice for attacks
In one ad, a seller even noted that the piece of FileCrypter ransomware includes a full panel showing the
number of devices it infected, details on the users who paid the ransom, and the total amount he has
received as payment so far. Paying the ransom doesn’t ensure that those who gave in won’t be targeted
again, given that the cybercriminals knew they have the capacity to pay. The fact that victims were asked
to pay in bitcoins (BTC) also suggests the increasing popularity of the cryptocurrency in the country.
Modified Android apps
Modified Android apps also recently figured in the Brazilian underground. These have been configured
to pay for prepaid credits with stolen credit card credentials. Even better, users weren’t even required to
key in additional information, including the Credit Verification Value (CVV) number and billing address, to
complete transactions. These modified apps’ Android application packages (APKs) can be obtained from
underground forums.
Figure 6: Post advertising modified Android apps that allowed users to buy
prepaid credits with stolen credit card credentials
11. 11 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
This underground offering’s emergence could be attributed to the high mobile device penetration rate
in Brazil (142% as of April 2015)7
. Most Brazilians even accessed the Web via mobile devices instead of
computers. Even organizations and companies encouraged customers to use mobile devices for all kinds
of business transactions.
PII-querying services
Cybercriminals in Brazil have also started offering services that involved stealing victims’ PII that they
can then sell to others for 0.015 BTC (US$6.81)*. Some cybercriminals even claimed to have access to
vehicle registration plate databases. The stolen PII could be from hacked or compromised databases
like CadSUS (Brazil’s national health card system). In some cases, government employees have been
reported guilty of selling access to national databases.
Figure 7: Ad touting stolen PII for sale
Buyers of stolen PII can easily register domains and send out spam for various malicious purposes.
_________
* Currency exchange rate as of 16 December 2015 was used throughout this paper (1 BTC = US$461.26)
12. 12 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Brazilian underground staples
Malware
Banking Trojans continued to heavily figure in the Brazilian underground. Most of the banking malware
seen today continue to have ties to Brazil (often made or distributed by locals or residents). Several
factors could have led to this like the high online banking adoption rate in the country. More than 40% of
Brazil’s population banked online as of 2014. Brazilians would rather use their computers or smartphones
to check their account balances online more than physically go to their bank branches or call designated
hotlines8
.
Japan
Vietnam
US
India
Brazil
Turkey
China
UK
Philippines
Thailand
Others
12%
9%
9%
6%
5%
4%
4%
4%
4%
3%
40%
Figure 8: Brazil accounted for 5% of the total number of online banking malware
detections in the third quarter of 20159
Based on our research, some banking malware were capable of locking users’ device or computer screens
after security checks have been made while attackers illegally transferred money to their own accounts
in the background. This capability gave law enforcement agencies a harder time tracking the responsible
cybercriminals.
KAISER malware
KAISER malware can bypass Sicredi’s (a Brazilian credit union) time-based tokenization system, among
others. They can also put customers of Banco do Brasil, Itaú, HSBC, Santander, and Bradesco at great
risk. Operators usually sent out KAISER-laden spam to intended recipients. Every time users of infected
systems visited target banks’ sites, KAISER logged their keystrokes. Cybercriminals then obtained victims’
13. 13 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
account numbers for a variety of nefarious purposes.
KAISER also opened fake windows (on top of the real ones) so the cybercriminals could obtain the
victims’ tokens. When we analyzed a KAISER sample, we found a fake window (with a fake form) that
asked victims to key in their tokens when asked by (supposedly) Sicredi. Filling in the said form sends the
token to the KAISER operator who then freezes the victim’s device or computer screen while transferring
as much money as possible to their own accounts.
Figure 9: Fake form that appears on KAISER-infected systems
when Sicredi customers are asked to input their tokens
Proxy keyloggers
Proxy keyloggers are known for redirecting victims’ browsers to phishing pages every time they access
target banks’ official sites on infected computers. These have a remote desktop access feature that
allowed cybercriminals to access and even control victims’ screens. Certain Proxy variants even had
Proxy Auto Configuration (PAC) scripts that let them select what proxy servers to use (preferably those
that can’t be traced back to the operators).
We found a post selling a Proxy variant that had a remote access feature and came with a customizable
crypter for R$5,000 (US$1,279.02)**. Buyers can log keystrokes from as many as 15 sites, including those
of PayPal and HSBC. They even get access to 24 x 7 support services.
_________
** Currency exchange rate as of 16 December 2015 was used throughout this paper (US$1 = R$3.91)
14. 14 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 10: Post promoting Proxy keyloggers
Remota keyloggers
Remota (Brazilian for “remote”) keyloggers have the ability to fake all kinds of browser windows every time
users access target bank sites on infected computers. And for R$2,000 (US$511.61), operators even get
full support and updates each week.
Figure 11: Remota keyloggers’ features
DNS changers
Full source codes for Domain Name System (DNS) changers are sold for R$5,000 (US$1,279.02) in
the Brazilian underground. Note that prices may vary, depending on the seller’s level of expertise, the
programming language used, and infection routines. Offerings like these come in a .ZIP file with detailed
instructions for use and malware samples when bought.
15. 15 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 12: Sample DNS changer package sold underground
DNS changers redirect victims to phishing pages every time they access a target site. These allowed
cybercriminals to steal victims’ site credentials (usernames, passwords, etc.). DNS changers can not only
affect computers though, as we’ve seen them set their sights on home routers10
in May 2015. Most of the
DNS changers developed in Brazil are written in JavaScript though compiled versions are also available
underground.
Figure 13: Sample contents of a compiled DNS malware package sold underground
16. 16 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Cybercrime training
Carding
We found an ad for a three-month-long carding training in the Brazilian underground. This includes lessons
on creating malware, setting up botnets, and obtaining victims’ credit card data, among others. In the
first month, trainees learn how to access a database containing stolen credit card credentials. They will
then be taught what to do when a purchase made with a stolen credit card is approved and if their money
mules fail. In the second month, trainees learn how to (physically) clone cards and create banking Trojans
(Proxy and Remota variants, along with other banking Trojans with reverse-connection capabilities). And
in the last month, they learn to create crypters using AutoIt, Visual Basic® 6.0, and Visual Basic .NET
(VB.NET) as well as set up a ZeuS or Solar botnet, among others. For R$300 (US$76.74) paid via PagSeguro
(a PayPal-like service), cybercriminal wannabes and newbies can learn to create their own malware and
phishing pages to steal from victims aided by local money mules.
Peddling cybercrime tutorials must be lucrative, as this is the second time we’ve seen this particular
instructor offer carding training using updated modules.
Figure 14: Site where cybercriminal wannabes and newbies can avail of carding training
Trainees also get access to virtual private server (VPS) hosts, tools, and tutorials collected from various
underground forums.
17. 17 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Crypter programming
For as little as R$200 (US$51.16), cybercriminals can already avail of crypter programming training with
online support via Skype. Trainees are also taught how to make their crypters fully undetectable (FUD)
using Visual Basic 6.0. Trainees also receive a 1.5-hour-long video as supplementary material, along with
free access to updated videos.
Figure 15: Post advertising a crypter-modification course offering
Credit card-related goods
Online shop administrator panel access
Access to compromised online shop administrator panels can also be bought in the Brazilian underground.
These panels give cybercriminals access to the shop customers’ credit card data. Cybercriminals can
steal as many as 40–170 sets of credit card credentials each day. Buyers are charged depending on how
many sets of credentials they wish to gain access to.
18. 18 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 16: Post advertising access to compromised online shop administration panels
We were able to contact a seller who sold 21-day (three-week) access to compromised panels that gave
40 sets of credit card credentials per day for R$300 (US$76.74). For 14-day (two-week) access to 70 sets
of credit card credentials per day, buyers would need to shell out R$500 (US$127.90). The seller even
offered 20-day access to 170 sets of credit card credentials per day at a special discounted price of
R$1,000 (US$255.80).
Figure 17: Conversation with a seller of access to compromised online shop administration panels
19. 19 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Stolen credit card credentials
Cybercriminals obtain credit card credentials via phishing, compromising banking or other payment-
related sites, and distributing banking Trojans. They can also get such information from modified PoS
skimmers that get installed in legitimate business establishments.
Offering Price
10 sets of credit card credentials R$200 (US$51.16)
20 sets of credit card credentials R$400 (US$102.32)
50 sets of credit card credentials R$700 (US$179.06)
Table 1: Credit card credential offerings with their prices
Figure 18: Post advertising stolen credit card credentials for sale
20. 20 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Credit card number generators
Though the results given out by credit card generators are not 100% reliable, these are still sold
underground. Credit card number generators use specific algorithms that allow them to generate possible
credit card numbers. Their prices depend on how many credit card numbers they can produce. Again, the
end results are not 100% reliable and, as such, may not be effectively used to make online purchases.
Offering Price
Card generators that give out 50 credit card numbers R$100 (US$25.58)
Card generators that give out 100 credit card numbers R$200 (US$51.16)
Card generators that give out 150 credit card numbers R$300 (US$76.74)
Table 2: Credit card number generators sold underground
Figure 19: Post advertising generated credit card numbers for sale
(Note that this means the numbers did not come from stolen credit card databases.)
21. 21 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
PoS skimmers
As in the Chinese underground11
, cybercriminals in Brazil also sold PoS skimmers. These are usually
based on Verifone VX 680 machines and cost R$8,000 (US$2,046.43). Cybercriminals modified legitimate
PoS terminals so they can steal the information stored in the magnetic stripe of all of the credit cards
swiped on these. We’ve even seen gripper12
(a cybercriminal) sell mass-produced ATM and PoS skimmers
way back in 2014.
Figure 20: Post advertising PoS skimmers for sale
Figure 21: PoS skimmers for sale
The particular model sold (VX 680) has a triple-track magnetic stripe card reader, smart card (chip-and-
personal identification number [PIN]) reader, and a PIN pad. It also has various communication features
(via Bluetooth®, Wi-Fi, or 3G). Depending on the technique used to modify the PoS terminal (via firmware
or hardware modification), cybercrooks are able to receive stolen credit card data either over Bluetooth or
by having physical access to the machines.
Pulling off fraud via modified PoS terminals requires the help of an insider who needs to install them in
place of legitimate devices. The insider will also help the cybercriminals retrieve the stolen data from
modified terminals. The credit card data they obtain can then be used for cloned cards.
22. 22 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Modified smart card readers and writers
Modified Europay, MasterCard, and Visa (EMV) card readers13
are commonly sold in the Brazilian
underground. In a November 2014 investigation, Brazilian police officers arrested 10 individuals who
were involved in related fraud cases that cost victims more than R$3.5 million (US$895,313.23)14
. Part of
the cybercriminals’ modus operandi was convincing waiters of exclusive restaurants to use maliciously
modified PoS terminals for credit card payments. These waiters were given R$1,000 (US$255.80) each to
act as accomplices. The modified terminals had Bluetooth transmitters that the cybercriminals accessed
later on to obtain the stolen data. That same month, several US citizens’ chip-and-PIN credit cards15
were
cloned and used for fraudulent purchases after travelling to Brazil, leading us to think that the country’s
carders are good at their chosen fields of expertise.
Credit card transaction approval services and training
Credit card fraud doesn’t stop at data theft. After getting their hands on stolen credentials, cybercriminals
need to work with peers who are experts at getting transactions made with stolen credit cards approved.
Some of these service providers help customers use stolen credit card credentials to buy goods online.
They even provide customers physical addresses where they can have the goods bought delivered. Some
sell the goods to unknowing customers at only 30% of the usual goods’ prices. Any cybercriminal willing
to pay R$1,300 (US$332.54) can avail of approval services, which usually include technical support via
WhatsApp or Skype.
Figure 22: Post advertising the sale of goods bought with stolen credit cards
Apart from actual services, training to help other cybercriminals get fraudulent credit card purchases
approved is also available. Trainees learn how to steal credit card credentials and even monetize their loot.
23. 23 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 23: Post advertising fraudulent credit card transaction approval training
Approval trainees learn how to steal credit card numbers, get fraudulent purchases (on Pontofrio,
PagSeguro, Apple® Store, Amazon™, eBay®
, Dell, and MercadoLibre) approved, query databases, mask
their Internet Protocol (IP) addresses when they use stolen credentials for online purchases, determine
the available balances on stolen cards, monetize stolen card data (buy plane tickets for reselling), and
generate infocc data; what bins are and InfoBanker is; and which shops they can easily buy goods from
with stolen cards.
Fake documents and counterfeit money
Street crimes like selling fake documents and counterfeit money have gone online. This trend could be
attributed to socioeconomic factors like widespread poverty and illiteracy. As of October 2015, Brazil’s
inflation rate was 9.93%16
.
24. 24 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 24: Fake identification (ID) makers’ products sold underground
Fake diplomas
Brazil’s current educational system17
somehow contributes to the lack of professionals in the country.
Despite the fact that illiteracy in the country has decreased, at least 38% of Brazil’s undergraduates are
still considered “functionally illiterate.” It’s no wonder then why fake diplomas (probably for employment
purposes) have now figured underground. These are sold for R$300 (US$76.74) each, including shipping
fee. Some counterfeit money sellers even offer free shipping for purchases comprising more than 200
bills.
25. 25 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 25: Fake diplomas sold underground
Counterfeit money
Counterfeit R$10, R$20, and R$50 bills are sold in the Brazilian underground.
Offering Price
R$750 worth of counterfeit bills R$100 (US$25.58)
R$1,500 worth of counterfeit bills R$200 (US$51.16)
Table 3: Prices of counterfeit money sold underground
Figure 26: Post advertising counterfeit money for sale
26. 26 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 27: Counterfeit money with the seller’s name posted online
Cybercriminals in Brazil are quite brazen. They don’t care if law enforcement agencies see their names
posted online in relation to illegal activities.
Other illicit offerings
Internet and CATV access bump-up services
Cybercriminals who have access to the networks of Internet service providers (ISPs) and cable television
(CATV) operators, for instance, sell bump-up services to customers who wish to increase their access
speeds or privileges. They can speed up their Internet access or watch more shows on CATV for a price
lower than what the legitimate service providers usually ask for (R$150 [US$38.37]).
Figure 28: Post advertising Internet bump-up services
27. 27 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Figure 29: Conversation with a cybercriminal offering a bump-up service for Volex that costs R$150
(US$38.37) for a span of at least six months up to the maximum period that the provider supports
Crypters
Since many security vendors detect most known banking malware and other malicious files, crypters have
become cybercrime staples. Most crypters are created via code splicing, entry point (EP) modification,
executable binding, or general file modification. As in 2013, crypters can still be bought underground for
R$70 (US$17.91). Some sellers even offer them at only R$40 (US$10.23) at year-end.
Figure 30: Post advertising a FUD crypter
29. 29 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
Challenges ahead
Brazil’s socioeconomic landscape has made it the perfect breeding ground for cybercriminals. The quick
returns promised by a life of cybercrime have made it enticing enough for several individuals to actually
try it out. The tools and training they need are all out in the open. It only takes guts and know-how for any
newbie to make it big. And given that cybercriminal activities are not as heavily penalized in Brazil as in
other regions like North America, Brazilian cybercriminals publicly promote their operations. This, in turn,
attracts more people to follow in their footsteps.
Although Brazilian cybercrime has continuously thrived on the Surface Web—again, mostly due to the
cybercriminals’ disregard for law enforcement—we foresee a big move to the Deep Web in the future.
Developers and operators who use money mules and bank accounts to cash in their profits still have a
high chance of getting caught. Using bitcoins and trading in darknets would decrease this risk.
Brazilian law enforcement agencies have an arduous task ahead if they ever want to topple local
cybercrime. In 2015, we did see them exert more effort to fight cybercrime. Law enforcers partnered with
security vendors like Trend Micro for cybercrime training and even collaborated in some investigations.
These exercises were not enough to thwart cybercrime in Brazil though. Legislative bodies will have
to be stricter with sanctions to discourage solo cybercriminal developers and operators. The national
government needs to invest more resources for cybercriminal investigations, especially when Brazilian
cybercrime moves into Deep Web territory. These tasks may be difficult now given the more pressing law
enforcement challenges currently at play in the country.
We will continuously monitor Brazilian underground activities, trends, and offerings. Evidence of
cryptocurrency adoption, especially now that ransomware—the very first local version—has emerged
was observed. How this will change the current market dynamics, however, we have yet to find out.
30. 30 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
References
1. Fernando Mercês. (2014). Trend Micro Security Intelligence. “The Brazilian Underground Market: The Market for
Cybercriminal Wannabes?” Last accessed on 14 December 2015, http://www.trendmicro.com/cloud-content/
us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf.
2. Trend Micro. (30 June 2015). TrendLabs Security Intelligence Blog. “Lordfenix: 20-Year-Old Brazilian Makes Profit
Off Banking Malware.” Last accessed on 15 December 2015, http://blog.trendmicro.com/trendlabs-security-
intelligence/lordfenix-20-year-old-brazilian-makes-profit-off-banking-malware/.
3. Trend Micro Senior Threat Researchers. (13 April 2015). Trend Micro Security Intelligence Blog. “One-Man
PoS Malware Operation Captures 22,000 Credit Card Details in Brazil.” Last accessed on 15 December 2015,
http://blog.trendmicro.com/trendlabs-security-intelligence/fighterpos-fighting-a-new-pos-malware-family/.
4. Vanessa Martins. (27 August 2015). globo.com. “Police Arrest 20 Suspects to Clone Cards and Make Bank
Fraud.” Last accessed on 15 December 2015, http://g1.globo.com/goias/noticia/2015/08/policia-prende-20-
suspeitos-de-clonar-cartoes-e-realizar-fraudes-bancarias.html.
5. allpago. (2015). allpago.com. “The Spread of Internet Banking in LATAM.” Last accessed on 15 December 2015,
http://www.allpago.com/2015/08/the-spread-of-internet-banking-in-latam/.
6. Trend Micro. (2015). TrendLabs Security Intelligence Blog. “Ransomware (Search Results).” Last accessed on 15
December 2015, http://blog.trendmicro.com/trendlabs-security-intelligence?s=ransomware.
7. Sam S. Adkins. (May 2015). Ambient Insight Research. “The 2014–2019 Brazil Mobile Learning Market.” Last
accessed on 15 December 2015, http://www.ambientinsight.com/Resources/Documents/AmbientInsight-2014-
2019-Brazil-Mobile-Learning-Market-Abstract.pdf.
8. eMarketer Inc. (25 July 2014). eMarketer. “Brazil’s Bankers Get Digital, Both Online and via Mobile.” Last
accessed on 15 December 2015, http://www.emarketer.com/Article/Brazils-Bankers-Digital-Both-Online-via-
Mobile/1011051.
9. TrendLabs. (October 2015). Trend Micro Security Intelligence. “Hazards Ahead: Current Vulnerabilities Prelude
Impending Attacks.” Last accessed on 15 December 2015, http://www.trendmicro.com/cloud-content/us/pdfs/
security-intelligence/reports/rpt-hazards-ahead.pdf.
10. Fernando Mercês. (28 May 2015). TrendLabs Security Intelligence Blog. “DNS Changer Malware Sets Sights
on Home Routers.” Last accessed on 16 December 2015, http://blog.trendmicro.com/trendlabs-security-
intelligence/dns-changer-malware-sets-sights-on-home-routers/.
11. Lion Gu. (2015). Trend Micro Security Intelligence. “Prototype Nation: The Chinese Cybercriminal Underground
in 2015.” Last accessed on 18 December 2015, https://www.trendmicro.com/cloud-content/us/pdfs/security-
intelligence/white-papers/wp-prototype-nation.pdf.
12. Trend Micro. (21 March 2014). TrendLabs Security Intelligence Blog. “Mass-Produced ATM Skimmers, Rogue
PoS Terminals via 3D Printing?” Last accessed on 16 December 2015, http://blog.trendmicro.com/trendlabs-
security-intelligence/mass-produced-atm-skimmers-rogue-pos-terminals-via-3d-printing/.
31. 31 | Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
13. Trend Micro FTR Team. (April 2015). Trend Micro Security Intelligence. “FighterPOS: The Anatomy and Operation
of a New One-Man PoS Malware Campaign.” Last accessed on 16 December 2015, https://www.trendmicro.
com/cloud-content/us/pdfs/security-intelligence/reports/wp-fighterpos.pdf.
14. Globo Comunicação e Participações SA. (16 November 2014). globo.com. “Gang Uses Bluetooth to Clone
Chip Cards and Moves Millions.” Last accessed on 18 December 2015, http://g1.globo.com/fantastico/
noticia/2014/11/quadrilha-usa-bluetooth-para-clonar-cartoes-de-chip-e-movimenta-milhoes.html.
15. Brain Krebs. (27 October 2014). Krebs on Security. “‘Replay’ Attacks Spoof Chip Card Charges.” Last accessed
on 16 December 2015, http://krebsonsecurity.com/2014/10/replay-attacks-spoof-chip-card-charges/.
16. Trading Economics. (2015). Trading Economics. “Brazil Inflation Rate.” Last accessed on 16 December 2015,
http://www.tradingeconomics.com/brazil/inflation-cpi.
17. Cynthia Fujikawa Nes. (12 August 2015). The Brazil Business. “The Brazilian Educational System.” Last accessed
on 16 December 2015, http://thebrazilbusiness.com/article/the-brazilian-educational-system.