2025

Flowing through Amazonia

The dark web threat landscape for Brazil


The Kaspersky Digital Footprint Intelligence team has prepared a report that highlights the most severe and prominent dark web threats commonly faced by organizations across various industries in Brazil, including but not limited to:

  • Government
  • Healthcare
  • Finance and insurance
  • Professional services
  • Telecommunications
  • Education
  • Manufacturing
  • Transportation and logistics
  • Consumer services and goods
  • Retail
  • IT and software
  • Construction and real estate
  • Agriculture
  • Electricity, gas and oil, mining, and all other industrials
  • And so on

Brazil is in the crosshairs of cybercriminals more so than many other countries for a variety of reasons, including its large population, economic growth and diverse business landscape. The volume of attacks and cybercrime activity in general is intense. As such, there is a need to support economic growth in the region by strengthening IT and cybersecurity. Our research reveals the four most severe dark web threats facing Brazil, identifies potential risks associated with them, assesses their consequences, and offers a clear protection strategy.

In 2024 alone, at least 30 ransomware groups were active in Brazil, targeting over 100 companies across a wide range of industries, and they continue to expand their activity from year to year. Ransomware remains one of the most critical threats to a company’s operational integrity and security. And our research confirms that no organization in any sector is immune – healthcare (including hospitals), banks, industrials, government entities, businesses of all sizes, and critical infrastructure.

Ransomware attacks targeting Brazil in 2022 - 2024

The market for initial access is highly developed among the cybercrime community. Threat actors, from individual cybercriminals to ransomware gangs and APT groups, regularly need attack entry points into internal networks, systems or devices belonging to Brazilian companies. In 2024, more than 100 ads offering access to Brazilian companies in various industries – healthcare, government, construction, and others – were observed. It’s impossible to know just how many deals take place behind closed doors, never disclosed on dark web resources.

Example of an ad trading initial corporate access

A vast number of ads trading or sharing databases with information on Brazilian individuals and citizens, different companies and entities were discovered on the dark web. In the past year, cybercriminals distributed over 300 databases coming from breaches affecting 185 organizations (according to data from dark web ads*). Government institutions, telecoms and professional services firms in Brazil were among the hardest hit.

* Statistics are based on information from posts made by threat actors on the dark web. To prevent unauthorized access to the affected companies' data during the research, the compromised information was not verified.
Ads offering Brazil-related databases in 2024

Use of info stealers (data-stealing malware) continues to skyrocket, with infections growing year on year, and Brazilian resources and users are no exception. In total, 37 million lines (or records) of compromised user accounts linked to Brazilian resources were found in logs published by info stealer operators on the dark web, with 38% of records related to compromises in 2024 alone. RedLine, Lumma and RisePro were the most prevalent malware families, accounting for 70% of total info stealer activity in 2024.

Our research reveals that government, healthcare (despite the connection between healthcare operations and human life), finance and insurance are the industries in Brazil currently most frequently targeted by cybercriminals.

Understanding the overall threat landscape, emerging trends and associated risks is essential for organizations and public institutions to strengthen defenses and proactively protect the IT environment from cyberattacks and dark web threats at the earliest stages – before it’s too late.

The Kaspersky team has shared our findings in Flowing through Amazonia – The dark web threat landscape for Brazil. This report will be beneficial for:

  • C-level managers
  • Corporate security specialists
  • Risk management professionals
  • Cyber Threat Intelligence (CTI) and SOC analysts
  • Incident response specialists
  • OSINT and darknet researchers
