More stories

  • VoIP company battles massive ransom DDoS attack

    Canada-based VoIP provider VoIP.ms is still battling a week-long, massive ransom distributed denial-of-service (DDoS) attack.


    The company, which provides internet telephony services to businesses across the US and Canada, was hit by a DDoS attack on September 16, with the company confirming via Twitter: “At the moment we carry on with the labor of alleviating the effects caused by the massive DDoS directed at our infrastructure. We continue to work full-on re-establishing all of our services so we can have you connected.”

    As reported by BleepingComputer earlier this week, the attack also affected its domain name service (DNS) infrastructure. Its website remains hard to access some days after the attacks were first acknowledged. In an update on Wednesday, VoIP.ms apologized to customers and confirmed it was still being targeted by what it described as a ‘ransom DDoS attack’. VoIP.ms says it has over 80,000 customers in 125 countries.

    All our resources are still working at stabilizing our website and voice servers due to the ongoing DDoS attacks. We understand the significance of the impact on our clients’ operations and want to reassure you that all of our efforts are being put into recovering our service.— VoIP.ms (@voipms) September 22, 2021

    DDoS attacks are becoming more frequent, more disruptive and increasingly include ransom demands, according to recent research. VoIP.ms’s website currently indicates it is using CDN provider Cloudflare “to protect itself from online attacks”. Cloudflare in August helped block what it claimed was the largest DDoS attack on record, which emanated from about 20,000 compromised internet-connected devices in 125 countries. Variants of the Mirai botnet still plague the internet, some five years after the original Mirai source code was released publicly following a massive attack on the blog Krebs on Security in 2016.

    According to Ars Technica, VoIP.ms is requiring visitors to solve captchas before allowing them to access the site. After completing the captcha challenge, the VoIP.ms website currently displays the message: “A Distributed Denial of Service (DDoS) attack continues to be targeted at our Websites and POP servers. Our team is deploying continuous efforts to stop this however the service is being intermittently affected.”

    In a Facebook post on Wednesday, the company said: “We have not stopped on all duties required to have our website and voice servers safe from the attack that has been directed to us, we have all the team, plus professional help working minute by minute on controlling the issues and having all crucial services going as expected. Please stay tuned, thanks.”

    BleepingComputer reported that the attackers have asked for one bitcoin, worth around $45,000 today, to stop the DDoS attacks. Two UK VoIP companies suffered DDoS attacks earlier this month, as reported by The Register: UK-based Voip Unlimited said it was hit with a “colossal ransom demand” after the DDoS attack. Mark Pillow, MD of Voip Unlimited, told The Register that industry body UK Comms Council had reported that other companies had also been affected by DDoS attacks and ransoms from ‘REvil’. However, there is no way of knowing whether this is related to the prolific ransomware attack group of the same name.

  • Ransomware attackers targeted this company. Then defenders discovered something curious

    Cybersecurity researchers have detailed a ransomware campaign that clearly borrows attack techniques used by nation-state-backed hacking and cyber-espionage operations. The campaign came to light when cyber criminals attempted to launch a ransomware attack against an unspecified product safety testing organisation. The attack was detected and stopped before it succeeded, but provided cybersecurity researchers at eSentire with enough information to analyse the tactics, techniques and procedures being used.


    As eSentire’s security research team began to investigate the incident, they said they “discovered some very curious findings, relating to both the threat group behind the attack, as well as the tools and techniques used in the attack”. The attack methods used in the attempted ransomware campaign resembled techniques previously attributed to state-backed Chinese hacking operations, including APT27 – also known as Emissary Panda. eSentire said the low quality of the ransomware and the lack of any known ransomware breaches by this ‘Hello Ransomware’, along with the attackers’ use of intrusion and reconnaissance methods typically associated with sophisticated groups, raise the question of whether the ransomware is the operators’ primary goal. “Or are the cyber criminals dropping ransomware into their target victims’ IT environment to simply distract from their real motive – cyber espionage?” eSentire said.

    While none of this necessarily means that those behind the ransomware are working out of, or on behalf of, China, it demonstrates how cyber criminals can mimic the tactics used by advanced government-backed hacking groups in an effort to deliver malware. Techniques deployed in the attempted attack in July include the use of SharePoint exploits and China Chopper, a stealthy web shell that provides a backdoor onto compromised systems and is typically planted on web servers. While commonly used by Chinese APT groups, the China Chopper web shell is widely available and popular with a variety of attackers, both state-backed and cyber criminal. SharePoint exploits and China Chopper aren’t the only techniques these attackers share with APT groups: they also used Mimikatz for password scraping and privilege escalation, attempted to disable security monitoring, and ran PowerShell commands while masquerading as a legitimate anti-virus provider – in this case, mimicking Kaspersky. There were also time delays between the steps of the attack in an effort to avoid detection; these delays also suggest a hands-on human operator, something that’s common with APT groups. While the methodology matches that of nation-state hacking groups, it would be unusual for a state-sponsored group to engage directly in ransomware attacks. WannaCry ransomware, deployed by North Korea, is an infamous example of an attempted ransomware attack by a state, but on the whole ransomware is the domain of cyber criminals. It’s possible that those behind the ransomware are running a false flag operation, deploying tactics known to be used by a particular group because it leads any investigation away from them. It’s also well known that these tactics are an effective means of compromising networks, which makes them ideal for ransomware attacks.

    Like other forms of ransomware, Hello encrypts files – in this case adding a .hello extension – and demands a ransom from victims in exchange for the decryption key. The ransom note is fairly basic, opened in Notepad and telling the victim to email the attackers to negotiate a deal. Hello ransomware is also quite basic by the standards of top ransomware in 2021: there’s no threat to leak stolen data and no leak site for publishing it. Nor is it run on a ransomware-as-a-service model like many of the most prolific variants today, which makes it stand out. Despite all this, the hands-on nature of the attacks indicates that whoever is behind Hello ransomware knows what they’re doing. “Hello ransomware is an exception of ransomware evolution. There’s nothing particularly sophisticated about the ransomware itself, or even the initial access vector, a two-year-old SharePoint vulnerability,” Keegan Keplinger, research and reporting lead at eSentire, told ZDNet. “It is the post-compromise actions which can really be considered sophisticated,” he added.

    Researchers even suggest the possibility that the ransomware could be laid down as a distraction while the attackers lay the foundations for something else. “There is a stark difference between the sophisticated intrusion capabilities, used in conjunction with the seemingly simplistic Hello Ransomware. This, in addition to the little-publicised success of the Hello ransomware campaigns, also brings the actors’ motivations into question,” said Keplinger. The campaign remains mysterious, but while the attack targeting the safety testing organisation was stopped before it could encrypt the network, others might not be so lucky. Steps that businesses can take to help avoid falling victim to ransomware – and many other forms of cyberattack – include applying security patches for known vulnerabilities in a timely manner and using multi-factor authentication across the network to make it harder for intruders to move around.

  • New advanced hacking group targets governments, engineers worldwide

    A new hacking group targeting entities worldwide to spy on them has been unmasked by researchers. Dubbed FamousSparrow by ESET, the advanced persistent threat (APT) group is a new entry to the cyberespionage space, the team said on Thursday; many such groups are state-sponsored. Believed to have been active since at least 2019, the APT has been linked to attacks against governments, international organizations, engineering firms, legal companies, and the hospitality sector. Victims are located in Europe, the United Kingdom, Israel, Saudi Arabia, Taiwan, Burkina Faso in West Africa, and the Americas, including Brazil, Canada, and Guatemala.

    ESET says that current threat data indicates that FamousSparrow is a separate group, independent from other active APTs; however, there do appear to be several overlaps. In one case, exploit tools used by the threat actors were set up with a command-and-control (C2) server linked to the DRDControl APT, and in another, a variant of a loader employed by SparklingGoblin appears to have been in use.

    What makes this new APT interesting is that the group joined at least 10 other APT groups that exploited ProxyLogon, a chain of zero-day vulnerabilities disclosed in March which was used to compromise Microsoft Exchange servers worldwide.  The researchers say that ProxyLogon was first exploited by the group on March 3, before Microsoft released emergency patches to the public, which indicates “it is yet another APT group that had access to the details of the ProxyLogon vulnerability chain in March 2021.”

    The APT tends to compromise internet-facing applications as its initial attack vector, and this does not only include Microsoft Exchange servers: Microsoft SharePoint and Oracle Opera are in the line of fire, too. FamousSparrow is the only known APT to make use of a custom backdoor, dubbed SparrowDoor by the team. The backdoor is deployed via a loader and DLL search order hijacking, and once established, a link to the attacker’s C2 is created for the exfiltration of data. In addition, FamousSparrow accounts for two customized versions of the open source post-exploitation password tool Mimikatz, a legitimate penetration testing utility that has been widely abused by cybercriminals. A version of this tool is dropped upon initial infection, as well as the NetBIOS scanner Nbtscan and a utility for gathering in-memory data, such as credentials. “This is another reminder that it is critical to patch internet-facing applications quickly, or, if quick patching is not possible, to not expose them to the internet at all,” the researchers commented. “The targeting, which includes governments worldwide, suggests that FamousSparrow’s intent is espionage.”

  • ANZ reports a 73% year-on-year increase in scams for the first eight months of 2021

    Australia and New Zealand Group (ANZ) chief executive Shayne Elliot has encouraged the Standing Committee of Economics to prioritise the need to raise further awareness, as well as recommend additional steps industry and government could take, to address the rising number of scams.

    In fronting the committee, which is currently undertaking a review of the four major banks and other financial institutions, Elliot highlighted that for the first eight months of 2021, ANZ had seen a 73% increase in scams being detected or reported by customers, compared to the same period last year. Over the same period, ANZ retail customers sent AU$77 million to scammers, of which the bank was able to claw back almost AU$19 million, Elliot said. He also noted that ANZ has blocked over 15 million malicious emails every month, and has blocked between 15 and 20 million attacks on its website, including DDoS attacks, during the period.

    “The most prevalent and successful scam involves criminals gaining remote access to consumer customer computers and the devices. We’ve also seen a year-on-year increase in investment scams of around 53% and a high proportion of these involve cryptocurrency,” Elliot continued. “There’s good work going on within the industry and government to tackle the problem. For example, the Australian Banking Association launched a scams awareness campaign yesterday. However, more needs to be done. This committee could help by inquiring into the problem, raising further awareness of the dangers, and recommending additional steps industry and government could take.”

    Elliot detailed that for “serious attacks”, and when the bank can identify the perpetrator, it works with the likes of Austrac, national security teams, and the police to deal with these attacks, but urged that more needs to be done to help customers who cannot protect themselves. The average age of scam victims is 59 and 44% are over the age of 65, Elliot reported. “Thankfully, the Australian banking system and it’s not just an entity that is investing heavily in the area … our concern is more to do with our customers who either don’t have the resources or don’t see the need to do this, so it’s a growing issue.”

    On the topic of cryptocurrency, Elliot admits it is an area the bank “struggles” to understand in terms of how to service it while remaining compliant with obligations such as money laundering sanctions and anti-terrorism financing. “That’s not to say that that’s a forever policy, but right now that’s difficult,” he said. “Just to give you an example, at the moment, we understand if you’re a crypto exchange you may apply for an Austrac licence but that’s not transparent to me. I have no way of knowing or getting access to whether that licence has been granted or not, so it’s quite a difficult area. For now, we have a policy of not providing banking to the crypto exchange world, in particular. But as I said, it’s not a forever policy, it will depend on how things emerge in that space and how we can do so safely.”

    A similar view was shared by Commonwealth Bank of Australia chief Matt Comyn, who faced the committee on Thursday morning. “We have very specific requirements when we bank someone, we need to understand the remitter and beneficiary. We have certain obligations. Some elements — and there’s a large dispersion of different types of players in the crypto space — is unquestionably fraud and scam. There are also some reputable players. It is by definition a higher risk industry and category,” he said.

    Such discussions coincide with the release of a whitepaper, Cyber Threats and Data Recovery Challenges for FMIs, developed by the Working Group on Cyber Resilience, an industry working group whose members include the Reserve Bank of Australia and the Federal Reserve Bank of New York. The paper highlights the need for greater industry collaboration around: the creation of design principles for housing critical data sets in data bunkers and third-party sites; further guidelines for minimising contagion; the adoption of common standards for assessing third-party risks to the ecosystem; the delivery of industry-wide cyber exercises by an independent party; and a common, yet flexible, definition of service criticality and its prioritisation around resumption.

    On Thursday, the Australian Securities and Investments Commission (ASIC) also noted it was concerned that social media posts were being used to coordinate pump and dump activity in listed stocks, which could potentially result in market manipulation and therefore breach the Corporations Act 2001. As ASIC puts it, pump and dump activity can occur when a person buys shares in a company and starts an organised program to increase the share price, using social media and online forums to create a sense of excitement in a stock or spread false news about the company’s prospects. They then sell their shares and take a profit, leaving other shareholders to suffer as share prices fall. ASIC said it has recently observed “blatant attempts” at such activities, using its real-time surveillance system and by integrating trade data from third parties to identify networks of connected parties and analyse trading patterns. “Market participants, as gatekeepers, should take active steps to identify and stop potential market misconduct. They should consider the circumstances of all orders that enter a market through their systems, and be aware of indicators of manipulative trading,” ASIC commissioner Cathie Armour said.

  • LG acquires Israeli automotive cybersecurity startup Cybellum

    LG Electronics said on Thursday it has acquired Israeli automotive cybersecurity startup Cybellum. Tel Aviv-based Cybellum was founded in 2016 and offers risk assessment software that can scan software on vehicle components for vulnerabilities and risks. The South Korean electronics maker signed a deal with the startup to acquire 63.9% of its shares. LG will also acquire additional shares of Cybellum by the year’s end, with the amount to be finalised then. LG has also signed an additional contract, worth $20 million, with the startup for future equity that will see the funds converted to more shares from the end of 2022 to the first half of 2023. Cybellum’s current management team will continue to run the company independently and work with its existing automobile and component partners, LG said. According to the South Korean company, security in the automotive industry has become more important as more vehicles connect to networks. Because of this, cybersecurity has become an important barometer for the quality of a vehicle’s life cycle, along with design, development and driving capabilities, the company said. Through Cybellum’s solutions, LG will look to beef up the security of its automotive offerings in infotainment and telematics, the company said, to preempt security regulations in various countries and become a reliable partner to automobile manufacturers.

    LG currently offers various software and components for vehicles. Its affiliate LG Display also supplies display panels to automobile companies. In July, LG formed a joint venture with Magna International that aims to offer electric powertrain components and systems for cars. In March, LG launched a joint venture called Alluto with Luxoft, a subsidiary of DXC Technology that offers connected car solutions based on the webOS Auto platform.

  • CISA releases advisory on Conti ransomware, notes increase in attacks after more than 400 incidents

    CISA sent out an advisory on Wednesday centered on the Conti ransomware, providing detailed information for the cybersecurity community about the ransomware group and its affiliates. Both CISA and the FBI said they have seen more than 400 attacks involving Conti’s ransomware targeting US organizations as well as international enterprises. The FBI has previously implicated Conti in attacks on at least 290 organizations in the US. CISA offered a technical breakdown of how the ransomware group’s operators typically function and what steps organizations can take to mitigate potential attacks. CISA noted that while Conti operates a ransomware-as-a-service model, it does so a bit differently from others: instead of paying affiliates a cut of the earnings from ransoms, the group pays the deployers of the ransomware a wage, according to CISA.

    Rob Joyce, director of cybersecurity at NSA, said the cybercriminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB). He added that the advisory highlights actions organizations can take right now to counter the threat. “NSA works closely with our partners, providing critical intelligence and enabling operations to counter ransomware activities. We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack,” Joyce said. On Twitter, Joyce said Conti attacks are increasing and urged organizations to use MFA, segment their networks and explore using a patch management system to keep networks updated. CISA explained that Conti actors typically use a variety of methods and tools to infiltrate systems, including spearphishing campaigns, remote monitoring and management software and remote desktop software.

    The spearphishing campaigns seen by CISA used tailored emails containing malicious attachments or links. Stolen or weak Remote Desktop Protocol (RDP) credentials, phone calls, fake software promoted via search engine optimization, other malware distribution networks like ZLoader and common vulnerabilities in external assets were all cited as tools Conti actors have used during ransomware attacks. “Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware — such as TrickBot and IcedID, and/or Cobalt Strike — to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware,” CISA explained. “In the execution phase, actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines. CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces. Additionally, actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.”

    The operators of Conti’s ransomware have also been seen using remote monitoring and management software as well as remote desktop software as backdoors to maintain persistence in a victim’s network. CISA explained that sometimes the ransomware group and its affiliates use tools already on a victim’s network, or add tools like Windows Sysinternals and Mimikatz, to “obtain users’ hashes and clear-text credentials, which enable the actors to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks.” The TrickBot malware is also used in some cases to carry out other post-exploitation tasks.

    The advisory noted that “artifacts from a recently leaked threat actor ‘playbook,’ identify IP addresses Conti actors have used for their malicious activity.” The playbook also shows that Conti operators aim to exploit vulnerabilities in unpatched assets, such as the 2017 Microsoft Windows Server Message Block 1.0 server vulnerabilities, the “PrintNightmare” vulnerability and the “Zerologon” vulnerability. “CISA and FBI have observed Conti actors using different Cobalt Strike server IP addresses unique to different victims. Conti actors often use the open-source Rclone command line program for data exfiltration,” the advisory said. “After the actors steal and encrypt the victim’s sensitive data, they employ a double extortion technique in which they demand the victim pay a ransom for the release of the encrypted data and threaten the victim with public release of the data if the ransom is not paid.”

    As Joyce said, CISA, the FBI and NSA suggested organizations segment their networks, filter traffic, scan for vulnerabilities and stay up to date with all patches. They added that unnecessary applications should be removed and controls applied, endpoint detection and response tools should be implemented, and access should be limited across networks.

    Conti made a name for itself after attacking hundreds of healthcare institutions — including a debilitating ransomware attack on Ireland’s Health Service Executive on May 14 — as well as schools like the University of Utah and other government organizations like the city government of Tulsa, Oklahoma and the Scottish Environment Protection Agency. Allan Liska, ransomware expert and member of the computer security incident response team at Recorded Future, said much of what was in the advisory was well known in the information security community, but noted that experts are not the target audience of the advisory. “There are a lot of security people who will find this very useful because the tools used by Conti are used by other ransomware groups. For example, rclone is mentioned in the report. I see rclone used by many ransomware groups but rarely by legitimate employees of an organization, so looking for rclone hashes on endpoints could be useful,” Liska said. “I also think a lot of people didn’t know that Conti has infected organizations through phone calls. That may be a new threat model for a lot of organizations and one that they have to consider how to defend against. Overall, while it is not a groundbreaking report, it is nice to have so many of Conti’s TTP in a single location rather than combing through 15 different ZDNet articles to find them.”
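    As an added illustration of the detection idea in Liska’s comment (this is not code from CISA, the FBI or Recorded Future), the following Python script flags rclone executions in process-creation telemetry by hash first and image name second, so a binary dropped under an innocuous name is still caught. The event lines, the hash values and the approved service account are all constructed for the example.

```python
"""Flag rclone executions in process-creation telemetry.

Added illustration, not CISA's or Recorded Future's code. The events, the
hash placeholders and the approved-user list are constructed; rclone is
matched by hash before name because operators rename the binary.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Placeholders standing in for the SHA-256 hashes of the rclone builds you
# track; populate from a trusted source, never from this example.
KNOWN_RCLONE_SHA256 = {
    "0" * 63 + "1",  # placeholder: rclone build A
    "0" * 63 + "2",  # placeholder: rclone build B
}
# Sub-commands that move data to a remote, as opposed to 'version' or 'lsd'.
TRANSFER_VERBS = {"copy", "sync", "move", "copyto", "moveto"}


@dataclass
class Alert:
    host: str
    user: str
    reason: str
    command_line: str


def parse_events(lines: Iterable[str]):
    """Yield one dict per JSON line; malformed lines are skipped, not fatal."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def rclone_match(event: dict) -> Optional[str]:
    """Hash match beats name match: a renamed binary keeps its hash."""
    if event.get("sha256", "").lower() in KNOWN_RCLONE_SHA256:
        return "known rclone hash"
    image = event.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image in ("rclone", "rclone.exe"):
        return "rclone image name"
    return None


def detect_rclone(lines: Iterable[str], approved_users=frozenset()) -> List[Alert]:
    """Return one Alert per rclone execution by a non-approved user."""
    alerts: List[Alert] = []
    for ev in parse_events(lines):
        reason = rclone_match(ev)
        if reason is None or ev.get("user") in approved_users:
            continue  # approved: e.g. a backup service account that really uses rclone
        argv = ev.get("command_line", "").split()
        verb = next((a for a in argv[1:] if not a.startswith("-")), "")
        if verb in TRANSFER_VERBS:
            reason += f", transfer verb '{verb}'"
        alerts.append(Alert(ev.get("host", "?"), ev.get("user", "?"), reason,
                            ev.get("command_line", "")))
    return alerts


# Constructed sample telemetry: four process-creation events as JSON lines,
# plus one garbage line to show the parser tolerating it.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"host": "ws-017", "user": "CORP\\jdoe", "image": "C:\\Windows\\System32\\notepad.exe",
     "sha256": "aaaa", "command_line": "notepad.exe notes.txt"},
    {"host": "ws-017", "user": "CORP\\jdoe", "image": "C:\\Users\\Public\\svchost.exe",
     "sha256": "0" * 63 + "1", "command_line": "svchost.exe copy C:\\Finance remote:dump --transfers 32"},
    {"host": "fs-02", "user": "CORP\\admin", "image": "C:\\Temp\\rclone.exe",
     "sha256": "deadbeef", "command_line": "rclone.exe version"},
    {"host": "bk-01", "user": "CORP\\svc_backup", "image": "C:\\Tools\\rclone.exe",
     "sha256": "0" * 63 + "2", "command_line": "rclone.exe sync D:\\Backups offsite:bk"},
]) + "\nnot json at all\n"

if __name__ == "__main__":
    for a in detect_rclone(SAMPLE_EVENTS.splitlines(), approved_users={"CORP\\svc_backup"}):
        print(f"{a.host} {a.user}: {a.reason} :: {a.command_line}")
```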

  • Druva's 'curated recovery' aimed at faster ransomware incident resolution

    Cloud data protection and management provider Druva has come out with an approach called Curated Recovery to help defend against the rapidly growing ransomware problem. Deployed in addition to the company’s standard Accelerated Ransomware Recovery module, Druva Curated Recovery mitigates the impact of a ransomware attack by building uncorrupted, unencrypted, and malware-free system recovery points to ensure successful recovery, even before one is needed, Druva VP of Products Prem Ananthakrishnan told ZDNet.

    Curated Recovery, announced Sept. 21, identifies anomalies as they show themselves in an IT system; when an intrusion occurs, Druva quarantines the malware and, using intelligent automation, reinstates all system files in a state prior to when the ransomware was detected. By pre-establishing a large set of recovery points, Curated Recovery identifies the latest clean version of each file through its recent changes, replacing a resource-intensive process that can take weeks with a simplified recovery workflow. Thus, IT teams can find the most recent clean version of all their data and return operations to normal in a much shorter time frame, Ananthakrishnan said.

    Ransomware, malicious software that blocks access to a computer system until a sum of money is paid, is one of the most common methods used by malicious actors. The average ransomware payment, which only a few years ago was about $15,000, has surpassed $240,000, according to a recent survey from IDC. Its profit potential has incentivized bad actors to expand the scope of their attacks, including the introduction of new variants designed specifically to encrypt or delete backup data. “What’s happening is that these new variants of ransomware are staying on the systems (much longer), and they’re encrypting the data so slowly,” Ananthakrishnan said. “It’s taking months (for them) to actually encrypt the data. So the net result of that is that the cleanest version – or the most recent version of each file – is unencrypted, and those files may be sitting across multiple restore or recovery points of the data. Unfortunately, files now are not available in one single recovery point (such as a snapshot). Users now have to go into all these different datasets, and keep trying and testing each one of them to see if they can get the latest version of the file. If you’ve got 100,000 files, think of how long that would take.”

    Druva’s Accelerated Ransomware Recovery platform has a zero-trust architecture that ensures only customers have access to their data, while features such as excess deletion prevention stop ransomware from permanently deleting backups, the company said.

    Key features

    Druva’s Accelerated Ransomware Recovery is designed to reduce data loss via intelligent automation and orchestration; it also integrates with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools. Key components include:

    • Access insights: Understand location and identity for all access attempts to gain situational awareness.
    • Anomaly detection: Gain data-level insights on file changes, creation, recovery, and deletion. Users can create alerts for anomalous activity and use anomaly information to identify the timeframe of an attack.
    • Quarantine: Quickly quarantine infected systems and snapshots.
    • Recovery scans: Scan snapshots for known malware and customer-provided indicators of compromise before restoring, to avoid reinfection.
    • Curated recovery: Automatically recover the most recent clean version of every file within a specified time frame, reducing recovery time.

    Druva Cloud Platform is built on AWS and offered as a service that provides globally accessible, scalable, and autonomous enterprise data resiliency. Druva started out in 2008 specializing in protecting data on mobile devices and has since evolved into the cloud data protection and management space. Since those early days, Druva has become known as an early pioneer of edge-computing data protection.
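    To make the curated recovery idea concrete, here is an added Python model (not Druva’s code) that walks a series of backup snapshots oldest to newest and picks, for every path, the newest version that a scan rule and an anomaly rule consider clean, so a file that ransomware renamed, deleted or encrypted in place is still restored from its last clean snapshot. The snapshots, hashes, ransom-note name, extensions and entropy thresholds are all constructed for the example.

```python
"""Pick the most recent clean version of every file across backup snapshots.

Added illustration of the 'curated recovery' idea, not Druva's code. The
snapshot history, hashes, indicators and thresholds are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class FileVersion:
    sha256: str      # content hash recorded by the backup agent
    entropy: float   # Shannon entropy in bits per byte (0..8); constructed here


Snapshot = Dict[str, FileVersion]          # path -> version in that snapshot
Plan = Dict[str, Tuple[str, FileVersion]]  # path -> (snapshot id, version)

# Constructed indicators; a real deployment takes these from scan results and
# customer-provided IoCs rather than hard-coding them.
RANSOM_EXTENSIONS = (".hello", ".locked")
RANSOM_NOTE_NAMES = {"readme_to_decrypt.txt"}
KNOWN_BAD_SHA256 = {"placeholder-bad-hash-0001"}


def suspect_reason(path: str, ver: FileVersion, baseline: Optional[FileVersion]) -> Optional[str]:
    """Why this version must not be restored, or None if it looks clean."""
    name = path.rsplit("/", 1)[-1].lower()
    if name in RANSOM_NOTE_NAMES or name.endswith(RANSOM_EXTENSIONS):
        return "ransom-artifact"
    if ver.sha256 in KNOWN_BAD_SHA256:
        return "known-bad-hash"
    # Compressible data that suddenly looks random is the classic sign of
    # in-place encryption (same path, new content). Legitimately compressed
    # or already-encrypted files need a different baseline than this.
    if baseline is not None and baseline.entropy < 6.0 and ver.entropy > 7.5:
        return "entropy-jump"
    return None


def curate(snapshots: List[Tuple[str, Snapshot]]):
    """Return (plan, artifacts, no_clean_version, first_suspect_snapshot).

    A path that disappears from later snapshots keeps its last clean version,
    so files the ransomware deleted or renamed are still restored.
    """
    baseline: Dict[str, FileVersion] = {}   # last clean version per path
    plan: Plan = {}
    artifacts: Set[str] = set()             # ransom notes / encrypted copies
    seen: Set[str] = set()
    first_suspect: Optional[str] = None
    for snap_id, files in snapshots:
        for path, ver in files.items():
            seen.add(path)
            reason = suspect_reason(path, ver, baseline.get(path))
            if reason is None:
                plan[path] = (snap_id, ver)
                baseline[path] = ver
                continue
            if first_suspect is None:
                first_suspect = snap_id
            if reason == "ransom-artifact":
                artifacts.add(path)
    no_clean = seen - set(plan) - artifacts  # only ever seen in a bad state
    return plan, artifacts, no_clean, first_suspect


def sample_snapshots() -> List[Tuple[str, Snapshot]]:
    """Constructed four-day backup history of a small file set."""
    a1, a2 = FileVersion("h-a1", 4.5), FileVersion("h-a2", 4.6)
    b1 = FileVersion("h-b1", 4.7)
    tool = FileVersion("h-tool", 6.2)
    x1, x_enc = FileVersion("h-x1", 5.1), FileVersion("h-x-enc", 7.95)
    enc = FileVersion("h-enc", 7.9)
    note = FileVersion("h-note", 4.2)
    dropper = FileVersion("placeholder-bad-hash-0001", 6.8)
    return [
        ("snap1", {"docs/a.txt": a1, "docs/b.txt": b1, "bin/tool.exe": tool, "db/x.sqlite": x1}),
        ("snap2", {"docs/a.txt": a2, "docs/b.txt": b1, "bin/tool.exe": tool, "db/x.sqlite": x1}),
        # day 3: b.txt renamed and encrypted, x.sqlite encrypted in place, note and dropper appear
        ("snap3", {"docs/a.txt": a2, "docs/b.txt.hello": enc, "bin/tool.exe": tool,
                   "db/x.sqlite": x_enc, "readme_to_decrypt.txt": note, "bin/update.exe": dropper}),
        # day 4: a.txt also encrypted; the slow encryption spans several recovery points
        ("snap4", {"docs/a.txt.hello": enc, "bin/tool.exe": tool, "db/x.sqlite": x_enc,
                   "readme_to_decrypt.txt": note, "bin/update.exe": dropper}),
    ]


if __name__ == "__main__":
    plan, artifacts, no_clean, first = curate(sample_snapshots())
    print(f"attack first visible in {first}")
    for path, (snap, ver) in sorted(plan.items()):
        print(f"restore {path} from {snap} ({ver.sha256})")
    print("do not restore:", sorted(artifacts | no_clean))
```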

  • Brazilian government launches data protection campaign

    The Brazilian government has launched a data protection guide as part of efforts to raise awareness of the issue among the general public. The 19-page guide, entitled “How to protect your personal data”, was developed by the National Consumer Defense Council in partnership with the National Data Protection Authority (ANPD). Using simplified language and avoiding excessive technical jargon, the material outlines examples of situations where processing of personal data might be possible, and when it is legal to do so. The document also explains the principles that underpin data processing in Brazil, and how these guidelines comply with the country’s General Data Protection Regulations (LGPD), which is also broadly explained. A list of topics summing up how organizations should act in relation to personal data is also provided. Moreover, the document issued by the Brazilian government agencies outlines the rights of data subjects, such as knowing whether their personal data will be processed and for what purpose, accessing their own data if it is being processed, asking for anonymization, revoking authorization for data access, and even the deletion of their data from a database.

    The material offers suggestions on how data subjects can protect their personal information, including the use of two-factor authentication, data backups and encryption. It also sets out the steps that should be taken in the event of incidents involving personal data. Fostering a data protection culture with material aimed at the general public is one of the first objectives of the ANPD, which published its strategy in February. According to the data protection authority’s initial plan, strategic actions will include educational events and workshops around the theme, guides and recommendations on data protection, and dialog with actors inside and outside government to build strategic partnerships for the studies to be carried out.

    A study published at the end of 2020 by Brazilian credit intelligence company Boa Vista suggested that consumers in Brazil are mostly unaware of the country’s data protection rules and fail to question companies’ personal data management practices. More recently, and especially since the emergence of the largest data leak on record in Brazil, concern about personal data security has grown. A report by the Datafolha Institute published in July 2021 suggested Brazilians are worried about what happens to their data, despite knowing that the companies they interact with keep some type of information about their consumption and leisure habits.