Brazil-Based Fraud Runs Up a $3.75 Billion Tally


Enterprise security is vital at any kind of organization, but in few places is the need as readily apparent as banks. After all, the average financial institution has access to the most privileged information out there — namely, payment data as well as direct access to customer accounts.

Not surprisingly, in an increasingly monetary-focused cybercrime community, banks present an especially lucrative target for hackers, as illustrated by a years-long banking attack in Brazil that has racked up billions of dollars.

‘Boleto Malware’ Drives Breach Costs Through the Roof in Brazil
Many banks in Brazil have been learning a firsthand lesson in the perils of less-than-stringent enterprise security. According to ZDNet, for the past two years a banking-focused strain of malware called Bolware has been riding a wave of successful incursions, all the while eluding any efforts at detection on the part of banks and affected customers.

The malware first appeared on the Brazilian banking scene back in 2012. In Brazil, Boletos are the equivalent of a money order in the United States and this form of payment is the second most popular transaction method in the country. Because of the popularity of Boletos, that’s exactly where a large criminal network focused its attentions and began developing a strain of malware that would work its way in between customers and banks on the receiving end.

Through this man-in-the-browser (MITB) tactic, Bolware has accumulated $3.75 billion since its first appearance and now directly impacts 34 different banking systems in the country.

According to a recently released report on the Boleto problem, RSA Research Group pointed out that the malicious strain is particularly effective at monetary extraction because of its virtual invisibility when it is active. Unlike some bugs, which will cause conspicuous disruptions in a user’s computing experience, Bolware does not make its presence known and a customer can conduct an online Boleto transaction without realizing that they’ve been in the clutches of a hacker the entire time.

The Boleto incident points to a bigger problem with cybersecurity — namely, that malicious strains are growing in sophistication just as fast if not faster than efforts to suppress them. For this reason, enterprise security needs to be given the attention it deserves in all businesses. Luckily a new cybersecurity poll suggests this may already be the case.

Poll Indicates Growing Appreciation of the Problems Posed by Malicious Threats
Last year, the annual Investment Management Compliance Testing Survey found that only 14 percent of respondents considered cybersecurity a vital topic. This year, according to InvestmentNews, that number has rocketed to 75 percent.

This marked increase in cognizance of the importance of cybersecurity bodes well for the future, since the main thing that will curb the flow of malware attacks is if businesses respond with more stringent protective measures. Laura Grossman, assistant general counsel of Investment Adviser Association, the group that sponsored the survey, said this boost in attention to cybersecurity is a direct result of a broader attack sphere.

“There have been so many high-profile cybersecurity breaches in the news, not just in the financial services sector, but more broadly,” she said.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.


Add to the Conversation