Threat Report Portugal: Q4 2020

January 26, 2021  By Pierluigi Paganini


Threat Report Portugal Q4 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d.

The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also supported by a healthy community of contributors. This makes it a reliable and trustworthy and continuously updated source, focused on the threats targeting Portuguese citizens.

The Threat Report Portugal: Q4 2020 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2020. The submissions were classified as either phishing or malware. In addition, the report highlights the threats, trends, and key takeaways of threats observed and reported into 0xSI_f33d. This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipating emerging threats, and manage security awareness in a better way.

Phishing and Malware Q4 2020

The results depicted in Figure 1 show that phishing campaigns (76,1%) were more prevalent than malware (23,9%) during Q4 2020. It is important to make a reference to the values of Q3  as phishing and malware maintain a growing trend.

Threat Report Q4

Observing the threats by category from Jan to Dec in Figure 2, it is possible to verify that there was a high number of phishing campaigns during March, April, and Jun,  and this is a strong indicator related to the COVID-19 pandemic situation.

Analyzing these results, it’s possible to notice an increased number of phishing submissions in December 2020. One of the reasons that can explain this is the ANUBIS phishing network that occurred in Portugal between November and December 2020.

On the other hand, May, June, and August were the months where malware was spotlighted, with the botnet Mirai, Emotet, and the infamous Lampion Trojan in place. This piece of malware was identified at the end of December 2019 using template emails from the Portuguese Government Finance & Tax and Energias de Portugal (EDP) with the goal of collecting banking details from the victim’s devices. Also, other trojan bankers have been observed during Q3, including TroyStealer and Grandoreiro expanded now to Portugal. A new piece of malware was also tracked and analyzed during Q3 and active in Q4 – trojan URSA/mispadu. The emergent URSA trojan is impacting many countries using a sophisticated loader.

Malware by Numbers

Overall, the Emotet and Satori/Mirai botnet were some of the most prevalent threats affecting Portuguese citizens during Q4 2020 along with the mediatic URSA trojan (Figure 3). Other trojan bankers variants and families affecting users from different banks in Portugal were also observed. These kinds of malware come from Brazil and the attacks are disseminated via phishing campaigns. Criminals are also using smishing to enlarge the scope and to impact a large group of victims.

Threat Report Q4

Threats by Sector

Regarding the affected sectors (Figure 5), Banking was the most affected with both phishing and malware campaigns hitting Portuguese citizens during Q3 2020. Next, was Retail and Technology, as the most sectors affected in this season.

Threat Report Q4

Threat campaigns during Q1 2021 will be published on a daily basis into 0xSI_f33d, as well as additional incidents and investigations that are being documented and published on Segurança-Informatica.

The infographic containing the report can be downloaded from here in printable format: PDF or PNG.

Threat Report Q4

You can download the report from the original post:

https://seguranca-informatica.pt/threat-report-portugal-q4-2020/#.YBBX3-hKg2x

About the author Pedro Tavares

Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Threat Report)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

TikTok privacy issue could have allowed stealing users' private details

 A vulnerability in the video-sharing social networking service TikTok could have allowed hackers to steal users'...