ABSTRACT
Executive Summary Unlike its more dynamic counterparts, the cyber threat environment of Brazil is characterized by a highly specialized, ultraspecific focus on fraud conducted via banking Trojans disseminated by sophisticated phishing attacks. Almost all visible cyber criminal activity in Brazil is financially motivated and focuses on banking Trojans targeting Brazilian banks and phishing techniques for distributing these Trojans. As a result, Brazil is now home to some of the world’s most skilled Trojan authors and most innovative fraudsters. Indeed, the ease with which cyber criminals are able to steal from Brazilian banking customers is a key reason for the relative paucity of other cyber threat categories in the country. e Brazilian security community has adapted accordingly, with Brazilian banks emerging as leaders in tracking and combating Trojans; however, this hyperspecialization of Brazilian computer security is not without its drawbacks. e private sector in Brazil lacks a strong culture of intellectual property protection, and it does not prioritize corporate espionage as a significant threat. Public cyber crime authorities also find it difficult to manage the sheer volume and sophistication of the country’s information security environment. However, this is not for any lack of expertise or professionalism; rather, inadequate legislation and a lack of material resources handicap the efforts of otherwise able Brazilian law enforcement professionals.
