The systems of more than 30 Brazilian municipalities have been compromised by cybercriminals since the end of 2020, revealed Trend Micro, this Tuesday (21). The data released by the company reveal that ransomware is one of the threats that stood out during this period.
In Brazil, government systems, agencies and bodies linked to public administration are the main targets of cybercriminals. “The industry leads the ranking for the last two years, with 40% of attacks in 2019 and 35.3% of threats blocked in 2020, with more than triple the number of detections compared to second place”, revealed the company in a press release.
Trend Micro research identified that at least 30 city halls had some of their digital services hacked by cybercriminals since the end of last year, which has caused disruption in service delivery.
They are: Palmeira dos Índios (AL), Cuiabá (MT), Cassilândia (MS), Águas Lindas do Goiás (GO), Taboao da Serra (SP), Campinas (SP), Birigui (SP), Caraguatatuba (SP), Boituva (SP), Eldorado (SP), Belo Horizonte (MG), Itacarambi (MG), Fame (MG), Jaboticatubas (MG), Divinópolis (MG), Victory (ES), New Venice (ES), Round Round (RJ), Campos dos Goytacazes (RJ), Saquarema (RJ), Florianópolis (SC), Blumenau (SC), Chapecó (SC), Camburiú Spa (SC), Imbuia (SC), Santa Rosa de Lima (SC), Bandeirantes (PR), Sulina (PR), Candidate (LOL) and Victor Graeff (LOL).
Trend Micro’s government account manager in Brazil, Renato Tocaxelli explains that with the pandemic of the new coronavirus (SARS-CoV-2), investments in security have been reduced as the government needs more attention (investment) to other priorities.
“Accelerated migration to the cloud, aiming at the expansion of online services for citizens, and the remote work of public employees, occurred without due attention to access control and restriction rules. Cloud computing has basic configurations that generate vulnerabilities and easy attacks”, says Tocaxelli.
“In Brazil, we do not have a tradition of investments in cybersecurity, which makes a large part of Brazilian systems unprotected against ransomware attacks. The LGPD requires companies to be prepared from a cybersecurity point of view, but from what we are seeing it is not yet in practice”, concludes Renato Tocaxelli.