Phishing and malware by numbers in the Threat Report Portugal Q3 2021.
Segurança-Informática developed and maintains the Portuguese Abuse Open Feed 0xSI f33d, an open sharing database with the potential to collect indicators from numerous sources. This feed is provided by a robust community of contributors and is based on automatic searches. As a result, it is a dependable, trustworthy, and constantly updated source focusing on threats posed to Portuguese citizens. Since July 2021, 0xSI f33d has been a member of the official VirusTotal ingestors, allowing the community to check threats provided by this feed all around the world.
The Threat Report Portugal: Q3 2021 combines information on malicious campaigns that took place in the third quarter of 2021, from July to September.
The submissions were classified as either phishing or malware. The report also covers the risks, trends, and significant takeaways from threats identified and reported into 0xSI f33d. This study contains intelligence and indicators of compromise (IOCs) that businesses may utilise to better combat existing attacks, predict upcoming risks, and maintain security awareness.
Q3 2021: Phishing and Malware
In Q3 2021, phishing campaigns (79.8%) were more prevalent than malware (20.2%), according to the results shown in Figure 1. It is worth recalling the figures from Q2 2021, phishing (69.5%) and malware (30.5%), because both surged dramatically in the third quarter.
The data confirm a large number of phishing campaigns in March, April, and June, which is a significant signal of the COVID-19 pandemic situation.
Looking at these numbers, a spike in phishing submissions is visible around December 2020. One cause for this could be the ANUBIS phishing network, which was active in Portugal between November and December 2020, as well as the Black Friday and Christmas seasons. With Internet users turning to online platforms to buy Christmas gifts, this year is predicted to see a boom in malicious campaigns.
Phishing and malware campaigns rose in Q1 2021, most likely as a result of the Facebook data breach that was revealed in early January 2021. Criminals are exploiting this type of information to run large-scale campaigns and target Portuguese Internet users. In Q2, criminals continued to use unique tactics to distribute banking-related phishing in the wild. Also seen were campaigns run in the name of the Autoridade Tributária e Aduaneira, which used Telegram to alert criminals to new infections. August closed with a large campaign spoofing the Continente grocery chain, with a large number of domains submitted to the 0xSI f33d.
In terms of malware, the well-known QakBot banking trojan has been identified as a growing danger in Portugal from Q1 to Q3 2021. This malware is designed to collect banking credentials and secrets from victims using a variety of tactics, techniques, and procedures (TTPs) that have evolved over time, such as delivery mechanisms, C2 approaches, and anti-analysis and anti-reversing capabilities.
Recently, two new pieces of malware have been discovered: the HorusEyes RAT, which uses a RAT found on underground forums, and the deadly and fully undetectable (FUD) Maxtrilha trojan.
Check out the complete analysis for additional information on the Maxtrilha trojan.
Malware Countdown
Overall, Office and macro documents, the QakBot banking trojan, the Satori/Mirai botnet, and the Maxtrilha trojan were among the most common threats affecting Portuguese citizens in the third quarter of 2021. Other banking trojan variants and families were also discovered, impacting users from several banks in Portugal. Malware of this type is typically found in Latin American countries, and attacks are spread through phishing campaigns. Smishing is also being used by criminals to broaden the scope of their crimes and affect a huge number of people.
Threats by Industry
Banking was the most affected sector, with both phishing and malware operations targeting Portuguese residents in the third quarter of 2021. The most-hit sectors in this quarter were retail and technology.
Threat campaigns, as well as further occurrences and investigations that are documented and published on Segurança-Informática, will be published daily into 0xSI f33d during Q4 2021.
The infographic featuring the study may be downloaded in PDF or PNG format from here.