While Brazil and the world are still struggling to contain the Coronavirus contagion, a new epidemic is spreading across the planet and has already reached the country: that of hacker attacks on city halls. Since the end of last year, systems of more than 30 municipalities, for example, Campos dos Goytacazes (RJ), Taboão da Serra (SP), Belo Horizonte (MG), Campinas (SP) and others (listed below) were invaded, compromising and paralyzing online and in-person services. Victims include cities of all sizes, demonstrating the automated nature of the software that coordinates these actions.
Attacks on city halls are mostly of the type ransomware, which is a type of extortion in which cybercriminals hijack and encrypt data from systems and charge a ransom to re-establish access and not disclose the information on the internet. Other hackers target financial systems, which guarantees a better chance of success than a ransom demand.
According to a Trend Micro survey, the most affected segments, worldwide, in 2019 and 2020, were manufacturing, government, education and health, in that order, and these four sectors were responsible for more than more than 1 million, 463 thousand detections, last year alone.
In Brazil, the government is the main target of cybercriminals, and the sector leads the ranking in the last two years, with 40% of attacks, in 2019, and 35.3% of threats blocked in 2020, with more than triple the detections compared to the second place.
Brazil has 5,500 municipalities, many with very poor IT management. According to Renato Tocaxelli, Trend Micro's Government Account Manager, with Covid, investments in security were repressed to pay attention to other priorities. “The accelerated migration to the cloud, aiming at the expansion of online services for citizens, and the remote work of public employees, took place without due attention to the rules of access control and restriction. Cloud computing has basic configurations that generate vulnerabilities and easy attacks”, analyzes Tocaxelli.
For hackers, city halls are easier and faster sources of income, because the interruption of services quickly creates popular dissatisfaction, pressure against the manager, who often sees no alternative but to pay the ransom.
Among the vulnerabilities that make city halls a target are:
- Users not aware of the dangers of the network (phishing via email, SMS and WhatsApp);
- Release of the administrator profile for home office solutions;
- Protections below the real need;
- Weak passwords without constant change;
- Misconfigured systems;
- Outdated protections;
- Little use of multiple authentication factors;
- Critical information provided in bidding processes;
- Non-use of the features of existing protections;
- Access from home equipment on the corporate network;
- Endpoint protection focus against layered attacks (security must
follow the data);
Another aspect highlighted by the expert at Trend Micro is that the pandemic has led to increased competition among security solution providers, "with many (and dubious) players, generating for the customer a disintegration and lack of collaboration between the solutions, and consequently, increase in vulnerabilities”, laments Renato.
Global scenario:
Rescues are getting higher (millions of dollars), with global losses estimated between US$ 1 trillion in 2020 and US$ 6 trillion in 2021. The total number of malware families detected increased by 7.1%. But if we consider the family web shell the growth is much more significant, from 23%, from May to June, suddenly gaining the first position, and surpassing the three most traditional families: WannaCry, Coinminer and Donwad. This increase was due to attacks related to the ProxyLogon vulnerability.
Future scenario:
According to Gartner, government agencies must increase investments in digital technologies to recover from the impacts of the pandemic on public health. It is estimated that spending by the IT sector will reach US$ 557.3 billion in 2022, representing growth of 6.5% compared to 2021. “The interruptions caused by the pandemic also reinforce that public policy and technology are, today, inseparable and that the combination of these factors is a fundamental principle for the construction of a digital government”, analyzes Irma Fabular, research vice-president at Gartner.
Some of the municipalities attacked by hackers:
Southeast region: Campinas, Birigui, Caraguatatuba, Boituva, Eldorado, Belo Horizonte, Itacarambi, Jaboticatubas, Volta Redonda, Fama, Saquarema, Divinópolis, Nova Venécia, Vitória, Campos dos Goytacazes, Taboão da Serra.
South region: Florianópolis, Blumenau (Instagram), Chapecó, Balneário Camburiú, Bandeirantes, Sulina, Imbuia, Santa Rosa de Lima, Candiota, Victor Graeff.
Midwest region: Cuiabá, Cassilândia, Águas Lindas do Goiás.
Northeast Region: Palm tree of the Indians.
“In Brazil, we do not have a tradition of investments in cybersecurity, which makes a large part of Brazilian systems unprotected against ransomware attacks. The LGPD requires companies to be prepared from a cybersecurity point of view, but from what we are seeing, it is still not in practice”, concludes Renato Tocaxelli.
