By Dennis Barker
Moving up in the standings is great if you’re a sports team. But if you’re a country, and the standings are in the league of cybercriminals, then not so much. For the first time since Symantec began tracking global IT security attacks, a country in the Nearshore region has moved into the top tier of hackers, phishers, and other tech-based crooks.
According to the software company’s latest Global Internet Security Threat Report, Brazil ranked as number three in overall malicious activity for the past year—and number one in attacks by spam zombies. The year before, the country was in the number five spot overall. Brazil ranked third in both location of malicious activity and origin of Web-based malicious activity, Symantec’s security analysts say.
“Brazil ranked third globally for potential infections by viruses and fourth for potential infections by worms. These rankings represent large increases from previous reporting periods. Brazil has been a major source of successful malicious code that steals banking information, and some very successful malicious code that has originated from Brazil remains active,” the report states. “For example, the Bancos trojan was first discovered there in 2003 and was still one of the top 50 malicious code samples for potential infections in 2009, mainly due to the continuous release of new variants.”
“Outsourcing companies aren’t nearly as vulnerable as home PC users, who were the victims of most of these attacks” – André Carraretto, Symantec Brazil.
Brazil’s increase in attacks can be attributed mainly to the simple fact that its IT infrastructure is growing rapidly and more and more Brazilians are using the Internet. “The root causes of greater activity in Brazil are the increase of broadband connections, more people buying computers, more people connecting to the Internet, as well as a growing population,” says André Carraretto, systems engineering manager for Symantec Brazil. The Downadup worm, also known as Conflicker, propagated rapidly throughout Brazil, he says, which contributed to the rise in security incidents.
But should companies that outsource IT services from Brazil now be more concerned about one of their biggest fears: loss of intellectual property? Carraretto says no. “Outsourcing companies aren’t nearly as vulnerable as home PC users, who were the victims of most of these attacks,” he says. “For IT companies that follow best practices, the risk is mitigated.”
A representative from a major global technology company that outsources software development to Latin America told Nearshore Americas that of course loss of IP is always something to worry about, but said he has seen stringent security measures on the part of the provider his team has partnered with. “They use the same things we use, such as VPNs, and anyone working on our projects has to go through security clearance and also use a special keycard to get into the area where the work is being done.”
Upleveling Corporate Security
In its “Emerging Market Analysis” of Brazil for 2009, Gartner reported on the country’s acute awareness of IT security issues: “Concerns about protection from malicious attacks and unintentional security incidents are creating a focus on how to protect sensitive corporate information. Security risks will evolve alongside the changes brought by new IT environments and new working practices, such as those brought about by mobile and remote working. Compliance with government regulations continues to play a significant role in security-spending decisions. Brazil’s spending growth on security solutions is expected to be double the global market’s 12.5% five-year CAGR. Investment is often justified because the harm caused by security breaches can be so great.”
This is not a new concern in Brazil. In 2004, Brazilian government police claimed that 8 out of 10 worldwide cybercriminals were living in the country. This claim was generally regarded by IT security watchers as an exaggeration, however, and was most likely scoffed at by the virus writers in Germany, denial-of-service extortionists in Russia, and ID thieves in the US.
Within Latin America, the report says, Mexico ranked second for malicious activity in 2009, and Argentina ranked third.
Two other popular outsourcing destinations, India and Russia, moved up to fifth and seventh place, respectively, in the global rankings, according to Symantec’s data. The United States and China held onto their respective rankings of first and second. (Yes, USA, we’re still Number 1.)
“Brazil will most likely remain in third place worldwide because of the growing economy, growing population, and increase in Internet users,” Carraretto says, “but in terms of global rank, I hope we don’t pass China.”