Threat Report Portugal Q1 2021: Phishing and malware by numbers.

The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also supported by a healthy community of contributors. This makes it a reliable and trustworthy and continuously updated source, focused on the threats targeting Portuguese citizens.

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. The submissions were classified as either phishing or malware. In addition, the report highlights the threats, trends, and key takeaways of threats observed and reported into 0xSI_f33d. This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipating emerging threats, and manage security awareness in a better way.


Phishing and Malware Q1 2021

The results depicted in Figure 1 show that phishing campaigns (75,8%) were more prevalent than malware (24,2%) during Q1 2021. It is important to make reference to the values of Q4 2020 as phishing and malware maintain a growing trend.


Observing the threats by category from Jan to Dec 2020 in Figure 2, it is possible to verify that there was a high number of phishing campaigns during March, April, and Jun,  and this is a strong indicator related to the COVID-19 pandemic situation. 

Analyzing these results, it’s possible to notice an increased number of phishing submissions in December 2020. One of the reasons that can explain this is the ANUBIS phishing network that occurred in Portugal between November and December 2020, and the BlackFriday and Christmas season as well.

The campaigns of phishing and malware in Q1 2021 have been growing, probably as a result of the Facebook data breach leaked in early January 2021. Criminals are using now those kinds of data for performing massive campaigns and targeting Portuguese Internet end users.

In terms of malware, the Javali trojan banker was spotlighted in Q1 2021. This piece of malware have been spread in Latin American countries, Spain, and also Portugal. Javali takes advantage of vulnerabilities in legitimate binaries to execute the malware itself on the target machine.


Malware by Numbers

Overall, the Satori/Mirai botnet, Office and Macro documents, and Javali banking trojan were some of the most prevalent threats affecting Portuguese citizens during Q1 2021. Other trojan bankers’ variants and families affecting users from different banks in Portugal were also observed. These kinds of malwares come from Latin American countries in general, and the attacks are disseminated via phishing campaigns. Criminals are also using smishing to enlarge the scope and to impact a large group of victims.


Threats by Sector

Regarding the affected sectors, Banking was the most affected with both phishing and malware campaigns hitting Portuguese citizens during Q1 2021. Next, was Retail and Technology, as the most sectors affected in this season.


Threat campaigns during Q2 2021 will be published on a daily basis into 0xSI_f33d, as well as additional incidents and investigations that are being documented and published on Segurança-Informatica.

The infographic containing the report can be downloaded from here in printable format: PDF or PNG.


Download: [PDF] or [PNG]