In 2020, according to data from a threat intelligence laboratory, 8.4 billion attempts at cyber attacks in Brazil, while in Latin America there were 41 billion. Protecting yourself against these circumstances in a data economy is imperative for organizations and citizens. What requires training, educational measures, awareness and engagement in information security policies.
Cyber attacks can exploit vulnerabilities in application design, use of inefficient passwords, inadequate maintenance of internal systems, among other aspects that lead personal data to be used in diversified fraud. The changes caused by the pandemic increased the importance of knowing and discussing this issue, considering that the number of threats, between January and November 2020, increased by 394% when compared to the same period of 2019, as disclosed by the Brazilian Internet Association.
Below, some techniques applied in cyber attacks are listed:
Direct access to memory: attack that allows the invasion of computers and other devices, exploiting the presence of high-speed expansion ports. The purpose is to gain direct access to the physical memory of the computer or device, bypassing the security protocols of the operating system, to control and extract data.
Decoy: simulation of software or application supposedly safe, which after installed receives the user’s personal data.
Eavesdropping: there is a violation of the user’s confidentiality, in order to intercept and store personal data to use it fraudulently or criminally in the future.
Phishing: victim is induced, by using the trust placed in a close person or legitimate institution, when receiving an email, or message in an application, instructing to download software or to click on malicious links, whose purpose is to obtain the data user’s personal data.
Ramsonware: type of malware that hijacks data, computers or mobile devices. It consists of blocking user access in exchange for payment, usually in cryptocurrency, to redeem that access or to decrypt that data or equipment.
Shoulder Surfing: means having access to the user’s device screen while accessing sensitive data. In this way, the attacker will be able to collect data or access credentials (login and password) using visual means.
Spoofing: the attack consists of accessing the operating system to steal the victim’s identity, or falsify some of their information, enabling this type of data to be used for illegal purposes.
Finally, it is worth remembering that the LGPD determines to the controller the duty to communicate, within a reasonable time to the National Data Protection Authority (ANPD) and to the holders of personal data, the occurrence of security incidents, that is, any adverse event related to the violation of these assets, which may be associated with the previously mentioned techniques. While the regulatory activity on the subject has not been completed, the ANPD has made available on its website a form for the communication, by the controllers, of security incidents.
Wilson Sales Belchior
Virtual Social Office application (ESVirtual)
The National Council of Justice (CNJ) launches today, 04/20/2021, the Virtual Social Office (ESVirtual) application. The objective is to expand the offer of services available to...
The 11th Civil Chamber of the Court of Justice of Minas Gerais dismissed the appeal filed by a player from the game Free Fire, in which...
