Brazil is one of the top five countries where organizations are affected by ransomware, so cybersecurity policies are especially relevant. On December 26, 2023, Brazil made a decree that established their National Cybersecurity Policy (PNCiber) and their National Cybersecurity Committee (CNCiber).
.png?width=1920&height=1080&name=Brazil%E2%80%99s%20National%20Cybersecuriity%20Policy%20(2).png)
The PNCiber was created to guide cybersecurity activities in the country. The principles of PNCiber include national sovereignty, guaranteeing fundamental rights, prevention of cyber attacks, resilience to cyber incidents, education and technological development in cybersecurity, cooperation between public and private entities, and international technical cooperation. The objectives of the PNCiber are to:
- promote the development of national cybersecurity products and technologies
- ensure the security and availability of information
- combat cybercrimes
- encourage the adoption of cyber protection measures
- increase resilience to cyber incidents
- develop education and training in cybersecurity
- promote research and innovation
- enhance collaboration and information exchange between various stakeholders
The National Cybersecurity Committee (CNCiber) is composed of representatives from many governmental agencies to monitor the implementation and evolution of PNCiber. The committee will be able to make proposals to improve the cybersecurity policy and create the measures that the PNCiber outlined as goals.
The disruption of the Grandoreiro operation proves Brazil's efforts to improve its national cybersecurity levels are yielding positive results. Grandoreiro is a banking malware operation that has moved at least 3.6 million euros since 2019. The program has been active since at least 2017, when it was initially tracked by ESET cybersecurity systems. It has consistently targeted Brazil and Mexico, before adding on Spain in 2019 and then Argentina in 2023. It works by monitoring the foreground window of a potential victim’s computer and searching for web processes connected to banking activities. If there is a lead, the malware starts communication with its control servers. Afterward, an operator interacts manually with the victim’s computer to steal the money - and the malware offers many avenues to do so, including blocking the victim’s screen, saving keystrokes, sharing the victim’s screen, and showing fake pop-up windows. Phishing attempts pressured victims into sending money by attaching seemingly official documents like court subpoenas and invoices to emails.
Fortunately, Brazil’s Federal Police successfully disrupted the Grandoreiro operation on January 30th, 2024. According to a translated press release about the investigation, fraud attempts using the malware program took 110 million euros from Brazilians. The Federal Police force worked with the International Criminal Police Organization (Interpol), ESET, and the National Police in Spain. The officers served five temporary arrest warrants and thirteen search and seizure warrants across five Brazilian states.
These initiatives serve as crucial milestones in the ongoing battle against cybercrime, inspiring other nations to bolster their cybersecurity measures and protect their citizens and critical infrastructures from evolving digital threats.