In March 2018, researchers at InfoArmor discovered (PDF) an exposed database that contained extensive personal data for 120 million Brazilians. This comprised a unique identity number (the Cadastro de Pessoas Físicas, or CPF) that is issued by the Brazilian Federal Reserve to Brazilian citizens and tax-paying resident aliens.
To put this in perspective, the total population of Brazil last year stood at 210 million, with an electorate of just over 147 million. Because it took many weeks for the flaw to be fixed, InfoArmor warns “it is very likely sophisticated adversaries harvested this information.”
Data belonging to 32 million customers of SKY Brasil has been exposed online long enough to make its theft very likely, an independent security researcher discovered. Fábio Castro found that the data cache could be reached by anyone who knew where to look on the internet. Using the Shodan search engine, he was able to discover multiple servers in Brazil running Elasticsearch that made information available without authentication.
A cluster of servers called “digital-logs-prd” attracted the researcher’s attention and with a simple command, he listed the indices available, one of them 429.1GB in size. The file included personally identifiable information of SKY Brasil customers, which featured full name, email address, service login password, client IP address, payment methods, phone number, and street address.
Brazil’s Federation of Industries of the State of São Paulo (FIESP) is being accused of exposing millions of personal data records from three of its databases online. FIESP represents about 130 thousand companies and is the largest class entity in the Brazilian industrial sector. The records leaked included names, ID and social security numbers, as well as full addresses, emails and telephone numbers.
Bob Diachenko, a security researcher at white hat hacker ecosystem Hacken Proof, claims to have discovered three databases containing personal records that could be accessed through the Elasticsearch search engine on November 12. The largest data source had 34.8 million entries.
Read more about the massive Brazilian data leak on ZDNet.
Two ongoing malware distribution campaigns are sending banking Trojans to customers of Brazilian financial institutions, report Cisco Talos researchers, who also identified a spam botnet delivering malicious emails as part of the infection process.
Two separate infection processes were used in these campaigns between late October and early November, they say. The campaigns use different file types for the download and infection processes, but both target Brazilian firms. Researchers believe the attacker is from South America, where it would be easiest to use victims’ credentials to carry out fraud. Both campaigns eventually deliver banking Trojans. Researchers also found additional tools and malware hosted in an Amazon S3 bucket.
Read more about these banking malware campaigns on DarkReading.
Read Diana Kelley explain the true cost of a data breach in Brazil on Security Intelligence:
Many cybersecurity eyes have been on Brazil in the run-up to this summer’s events. Every system has been under scrutiny, from ticket fraud prevention to the clocks used to time athletes. But cybercrime in this region isn’t a new concern; attackers had set their sights on the country long before summer sports fever hit.