IT Safe News - Is it possible to profile the Brazilian cyber criminal?
Thiago Branquinho - There is no research with statistical data to make a one hundred percent assertive statement. However, the evidence (attack logs we follow, news and customer information) shows that the profile is quite diverse. There are several levels of people who attack, from the simplest, the so-called kiddies script, even the crime professionals.
IT Safe News - What does he seek? Fame money? How and what do they get?
Thiago Branquinho The main motivator is undoubtedly the money they believe they will get from the attack. In Brazil we already have news about the performance of great professionals from the Phishing trying to gain access to emails, social networks, and banks. And now, due to the implementation of the General Data Protection Act (LGPD) next year, which states that companies can pay fines of up to R $ 50 thousand for incidents of data leakage, a new focus of interest has emerged for this. Kind of criminal. In a way, he came to rely on encouragement and even some sort of “tabulated” work to access this private data and blackmail companies.
IT Safe News - What are the main differences from individuals who commit these crimes in other countries?
Thiago Branquinho - One of the main differences is that anyone who practices this type of crime in Brazil probably already practices or committed crimes in the real world, especially those related to card fraud. In other countries, it is more common for these criminal groups to be formed directly in the virtual world. It is also important to highlight that the Brazilian legal norm did not follow the evolution of cyber crimes to effectively curb them. Which is also an important difference. In Brazil, the virtual world is still very lacking in specific laws. The most developed countries, technologically mainly, on the other hand, usually have more consistent laws.
IT Safe News - Generally what are the areas of training of cyber criminals?
Thiago Branquinho - No specific technology or related training is required to commit cybercrime. Of course, people with greater technical knowledge find their way into the invasion faster. It may seem absurd, but in the Dark web and even on the web itself you can find hacking for sale and even courses on how to do it. As there is no type of enforcement in these environments, the feeling of impunity predominates and with that this black market grows. Some groups even hire specialists to crack codes, forge websites and create data collection robots.
IT Safe News - What are the biggest weaknesses of Brazilian companies? Where do criminals find breaches?
User education (in the sense of lack of knowledge) is the first weakness of the list. People still fall for simple blows, put themselves in situations of insecurity and make operating errors in their daily work. There is no corporate culture of protection. Criminals are alert and target attacks on this type of person who unknowingly provides access information, which allows malware infection and remote control of the machine. Configuration errors and lack of security controls are other weaknesses of Brazilian companies. Cyber security, for many of them, is still in the background. This causes common attacks, described in web guides, to be applied.
In order to protect critical infrastructures it is necessary to know the risks to which an industrial network and control systems are subjected, what are the main safety standards available in the market and how to correctly implement and monitor the CSMS (Cyber Security Management System) defined by ISA / IEC 62443. TI Safe Academy offers specific training and certification for critical infrastructure protection, which prepares your students for the complicated task of securing industrial networks and control systems against cyber attacks. To learn more visit: TI Safe Academy