.jpg)
By Francisco Camargo, President of ABES
Brazilians love novelty, we are among the countries that adopt new trends more quickly, mainly technological. If for some time there was fear and resistance in joining new devices or applications, the reality today is very different - we are open to changing our habits with the use of innovative technologies, especially on the Internet.
This modern stance, however, camouflages the population's deficiency in understanding the dangers and risks of the virtual world. We are more than ever exposed to cyber attacks, as our interest in technological innovations is not accompanied by concerns about risks and digital security.
The lack of awareness in the country to understand the threats present in the virtual world (web, social networks) makes us expose our lives, personal data and privacy, as we evaluate the information we receive very superficially and do not bother to click without knowing the origin of a link.
We would rather spend on buying a new smartphone than investing in antivirus and when we read news about a global cyber attack - like Bad Rabbit, about Data Hijacking (Ransomware), responsible for hacking thousands of computers in the last few weeks - we think it is a long way off of our reality.
Unfortunately, any one of us can be a victim of cyber criminals, even if we don't have bitcoins in our name or access to targeted networks (like the big business system). After all, anyone who has never received an SMS or e-mail with a message like: "Congratulations! You have been awarded an iPhone", "Update your password or your internet banking will be blocked", "see photos of the winner of Big Brother Brasil with the new girlfriend ", among so many others. It seems obvious that these announcements are malicious and should not be clicked on, but rest assured that many inattentive people will do so and make the internet even more dangerous.
An effective way to warn of these scams is to explain their purpose. Why is a virus created? Also called malware, they aim to take control of a network, invading a computer connected to it, in order to install itself on the servers and perform a mission - which can be, for example, encrypting all files and then requiring a ransom to recover them (a crime known as Ramsonware or data hijacking), transfer data outside the organization (such as credit card numbers, which can be sold on the black market) or infect machines with a malicious file that will hibernate until be woken up by an external command. Another very common attack is one that starts sending spam emails massively from an IP address that is not blacklisted by AntiSpam systems.
To be successful, the invasion needs the victim's involuntary cooperation. The vector most used today is still e-mail, with an executable file attached, or a link that leads to a website where the virus waits patiently until it is clicked.
This practice is known as "Phishing" - from the English verb "to fish" -, metaphorically a hook with a lure thrown to catch a careless "fish". It is relatively simple to produce a malicious file, shoot it for many people and then reap results. To attract targets, social engineering techniques are used to stimulate basic feelings and emotions, curiosity, ambition or fear. Another classic example: "if you do not register on this link, your Facebook will be paid".
Away from the access of the vast majority of technology users, there is the "virtual black market", such as the Dark Web - a part of the Deep Web, invisible to ordinary browsers and Google, carefully protected by several layers (for example, the prosaic internet banking or webmail). In these almost secret environments, it is possible to buy and sell illegal products and services, such as viruses, malware, specific attacks, recently discovered vulnerabilities, even credit cards, social security numbers, addresses, among other information.
According to Roberto Gallo, PhD, coordinator of the Cybersecurity Risk and Security Committee at ABES, two personal information, a person's CPF and e-mail, are enough to obtain a lot of "useful" information about him. The best way to protect yourself is to seek information, search for good antivirus and be very selective in online behavior, especially in Social Networks.
Brazil has advanced a lot in discussions about the Virtual World, such as the General Law for the Protection of Personal Data, the Digital Transformation Strategy and the National Plan for Internet of Things, but none of these actions will be fully utilized if we do not make the population aware of the essential care.
Security in the Virtual World is like a vaccine, the more people are vaccinated, this is made aware, educated, the less likely it is that a virtual epidemic will make victims in Brazil. Initiatives such as the "Brazil, Digital Country" project, developed by ABES (Association Brazilian Software Companies) and partners for civil society to engage in the discussion of digital security are an important step to change this reality, but there will only be success if we have constant actions, in frequency and sequence.
This modern stance, however, camouflages the population's deficiency in understanding the dangers and risks of the virtual world. We are more than ever exposed to cyber attacks, as our interest in technological innovations is not accompanied by concerns about risks and digital security.
The lack of awareness in the country to understand the threats present in the virtual world (web, social networks) makes us expose our lives, personal data and privacy, as we evaluate the information we receive very superficially and do not bother to click without knowing the origin of a link.
We would rather spend on buying a new smartphone than investing in antivirus and when we read news about a global cyber attack - like Bad Rabbit, about Data Hijacking (Ransomware), responsible for hacking thousands of computers in the last few weeks - we think it is a long way off of our reality.
Unfortunately, any one of us can be a victim of cyber criminals, even if we don't have bitcoins in our name or access to targeted networks (like the big business system). After all, anyone who has never received an SMS or e-mail with a message like: "Congratulations! You have been awarded an iPhone", "Update your password or your internet banking will be blocked", "see photos of the winner of Big Brother Brasil with the new girlfriend ", among so many others. It seems obvious that these announcements are malicious and should not be clicked on, but rest assured that many inattentive people will do so and make the internet even more dangerous.
An effective way to warn of these scams is to explain their purpose. Why is a virus created? Also called malware, they aim to take control of a network, invading a computer connected to it, in order to install itself on the servers and perform a mission - which can be, for example, encrypting all files and then requiring a ransom to recover them (a crime known as Ramsonware or data hijacking), transfer data outside the organization (such as credit card numbers, which can be sold on the black market) or infect machines with a malicious file that will hibernate until be woken up by an external command. Another very common attack is one that starts sending spam emails massively from an IP address that is not blacklisted by AntiSpam systems.
To be successful, the invasion needs the victim's involuntary cooperation. The vector most used today is still e-mail, with an executable file attached, or a link that leads to a website where the virus waits patiently until it is clicked.
This practice is known as "Phishing" - from the English verb "to fish" -, metaphorically a hook with a lure thrown to catch a careless "fish". It is relatively simple to produce a malicious file, shoot it for many people and then reap results. To attract targets, social engineering techniques are used to stimulate basic feelings and emotions, curiosity, ambition or fear. Another classic example: "if you do not register on this link, your Facebook will be paid".
Away from the access of the vast majority of technology users, there is the "virtual black market", such as the Dark Web - a part of the Deep Web, invisible to ordinary browsers and Google, carefully protected by several layers (for example, the prosaic internet banking or webmail). In these almost secret environments, it is possible to buy and sell illegal products and services, such as viruses, malware, specific attacks, recently discovered vulnerabilities, even credit cards, social security numbers, addresses, among other information.
According to Roberto Gallo, PhD, coordinator of the Cybersecurity Risk and Security Committee at ABES, two personal information, a person's CPF and e-mail, are enough to obtain a lot of "useful" information about him. The best way to protect yourself is to seek information, search for good antivirus and be very selective in online behavior, especially in Social Networks.
Brazil has advanced a lot in discussions about the Virtual World, such as the General Law for the Protection of Personal Data, the Digital Transformation Strategy and the National Plan for Internet of Things, but none of these actions will be fully utilized if we do not make the population aware of the essential care.
Security in the Virtual World is like a vaccine, the more people are vaccinated, this is made aware, educated, the less likely it is that a virtual epidemic will make victims in Brazil. Initiatives such as the "Brazil, Digital Country" project, developed by ABES (Association Brazilian Software Companies) and partners for civil society to engage in the discussion of digital security are an important step to change this reality, but there will only be success if we have constant actions, in frequency and sequence.
Stay alert! Suspecting is always a good rule.
EN 
PT 
