In recent years, hacking into technological systems and databases hosted in a virtual environment has become an increasingly recurrent strategy to obtain confidential data. State sponsor actors are the leading cause of cyber concerns, with China, Russia, Iran, and North Korea sponsoring 77 percent of all suspected operations worldwide since 2005, the Cyber Operations Tracker of U.S.-based think tank
Faced with the social, political, and economic impacts caused by cyberattacks, public and private institutions around the world are taking various precautions to try to prevent sensitive information from falling into the hands of hackers, criminal groups, and malign states.
One of the purposes of the attacks is espionage, used to cause reputational or financial damage to an organization, individual, or government entity by stealing classified information to seek monetary gain or competitive advantage.
Threats
The main types of cyberattacks are carried out through malware or malicious software, which includes the spread of viruses, worms, trojans, and ransomware. In these attacks, cybercriminals usually steal victims’ data and make demands for some kind of financial ransom.
Phishing attacks, on the other hand, are those that contain fraudulent message content to obtain personal information, card, and/or bank account numbers, while denial of service attacks direct several infected devices to make simultaneous requests on certain systems. This causes excessive user traffic on the attacked platform and, consequently, service interruption. There are also password attacks, which seek to reveal users’ authentication credentials for access to closed systems.
Motivations
When a malicious cyber operation takes place in which a particular government or private company is attacked, the blame almost always falls on a foreign State sponsored actor. According to Brazil Army (EB) General (R) Wilson Mendes Lauria, a specialist in cyber security, in order for there to be a formal accusation of responsibility for the cyberattack, there must be comprehensive technical, political, and legal grounds related to the incident. “And that’s the biggest difficulty,” he said.
According to Gen. Lauria, the motives behind cyberattacks vary. “If you look at the three countries most accused of committing these attacks, you’ll see that Russia is most often accused of interfering in other countries’ elections, discrediting Western institutions, and questioning democracy. China is accused of seeking access to intellectual property that it doesn’t have, while North Korea seeks financial resources. So the three actors supposedly operate for different purposes,” he said.
Investment
Despite the collective effort to improve protection mechanisms, investment in digital security in Brazil is still insufficient and puts companies operating in the country at risk, Gen. Lauria said.
According to him, culturally, Brazilian citizens are careless when it comes to cyber security. Actions aimed at improving protection strategies should also be shared between the public and private sectors, Gen. Lauria added.
“I see that today, in the country, security issues are not being taken seriously enough […]. Now, there’s the issue of private companies that make millions and don’t have the minimum security. And that won’t change overnight,” he said.
Gen. Lauria stresses that companies need to invest as much as they can to prevent attacks. “In Brazilian institutions, the level of maturity in this regard is still very low. We have problems in these institutions that are considered simple, such as managing updates. There are a lot of people using a system that isn’t up to date, and that’s a vulnerability.”
Cyber Guardian
In par with its role as a leading regional actor, Brazil’s cyber defense capabilities within its Armed Forces are considered among the best in Latin America. EB’s Cyber Defense Command carries out the Cyber Guardian Exercise every year. The military exercise consists of simulated attacks against important sectors of the national economy, such as water, energy, transport, communications, finance, nuclear, defense, digital government, biosecurity, and bioprotection. The 2023 edition brought together 520 participants from 150 institutions, including members of the Ibero-American Cyber Defense Forum, which brings together 13 countries.
“The best strategy will always be prevention,” Gen. Lauria concluded.