2022 is a year that makes its mark elections In the main Latin American countries, Costa Rica, the election ended with the second round held in April. In June, it was time for the second tour in Colombia. In October, the long-awaited democracy event takes place in Brazil.
Outside of the political context, I would like to use this scenario to attract the attention of companies and organizations working in the cybersecurity industry. As experts on the subject, we can say that Election season is always a fertile ground for cybercriminals to take action and spread the notoriety. “fake news” catching citizens’ attention and clicks on social networks, messaging apps, hacked websites and even fake ads to steal their personal data.
The cybercriminal has a profile looking for the easiest gateway with little resistance and a good potential for reward, and the citizen is the most vulnerable.
Given the possible scenario of cyber exposure during the elections in Brazil, major communication platforms such as WhatsApp, Twitter and Facebook have already announced the adoption of certain tools to combat criminal acts of sending false information to users during the voting period.
Facebook, for example, has partnered with more than 80 agencies specializing in news verification and cross-reference information to check the accuracy of data posted on the platform. Here in Brazil we also have fact-checking sites that use Google search as their main tool to verify the accuracy of data.
Public digital environments are most at risk. In the last two years of the epidemic, we have seen agencies and companies exposed to various cyber attacks that prevent them from continuing their activities. In late 2020, the Supreme Court of Justice fell victim to a ransomware attack that seized confidential data in exchange for a financial ransom.
All STJ systems were paralyzed and several process deadlines were suspended and had to be realigned. In 2021, it was the turn of the Conect SUS platform, which collects important health information and data on the vaccination of Brazilian citizens against COVID-19, to suffer a hacker attack. The Conect SUS app has been offline for over ten days, hurting users who need proof of vaccination, among other information.
This situation is not unique to Brazil. In Latin America, the government was the hardest hit in 2021, according to Tenable’s Threat Landscape Retrospective 2021 report. The public sector still does not have all the necessary weapons to defend itself against possible invasions and security attacks online, increasing its exposure to the actions of malicious attackers.
Lately cyber attack The enormous rates to which the Costa Rican government has been subjected are testament to this. Following the election of Rodrigo Chávez to the presidency, the Conti group announced the attack on various government systems, promising a fundamental change in strengthening cybersecurity in the country. The first institutions to be attacked were the Ministries of Finance and Science, Innovation, Technology and Telecommunications, among others.
The government had to curb import and export control and management as well as digital tax filing systems, damaging the productive sector by about US$30 million a day. The ransomware-type attack hijacked government agency websites, stole thousands of files, and threatened to hack the country’s official Twitter account, as well as delete all captured data if it did not receive the ransom demanded. 15 million dollars. More than two months have passed and the government systems are still not in order.
For cybercriminals, the entry point usually doesn’t require much effort: a known but unrecoverable vulnerability, an unsafe password, or a remote or hybrid employee with access to corporate or government networks using internet connections from home are the most common entry points. .
One click is enough. One click can mean millions of losses for governments. As in Costa Rica, a single click can shut down the government payment system for weeks.
What shall we do?
The advice for citizens is always the most basic: beware of messages, emails and files from unknown sources. Distrusting and questioning is the surest way to prevent counterattacks than to believe everything you get on social media.
For governments and companies, attention must be made often and always reinforced to make it increasingly difficult for cybercriminals to act like technology, processes and people. With investments in visibility and system protection tools, it is necessary to ensure the correct management of a developing network for today’s world.
Starting with basic cyber hygiene, it is necessary to establish processes that help simplify security management, as well as to expand the education and awareness of “cybersecurity” with those who play a critical role in the execution of solutions and processes. effectively.
Source: Tec Mundo
