• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

 | 

United Natural Foods Expects $400M revenue impact from June cyber attack

 | 

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

 | 

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

 | 

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

 | 

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

 | 

Interlock ransomware group deploys new PHP-based RAT via FileFix

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Malware
  • Threat Report Portugal: Q3 2020

Threat Report Portugal: Q3 2020

Pierluigi Paganini November 06, 2020

Threat Report Portugal Q3 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d.

The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from the community. This makes it a reliable and trustworthy and continuously updated source, focused on the threats targeting Portuguese citizens.

The Threat Report Portugal: Q3 2020 compiles data collected on the malicious campaigns that occurred from July to August, Q3, of 2020. The campaigns were classified as either phishing or malware. In addition, the report highlights the threats, trends, and key takeaways of threats observed and reported into 0xSI_f33d. This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipating emerging threats, and manage security awareness in a better way.

Phishing and Malware Q3 2020

The results depicted in Figure 1 show that phishing campaigns (72,8%) were more prevalent than malware (27,2%) during Q3 2020. It is important to make a reference to the values of Q2, malware maintains the growth trend, with an increase of ~10% in this trimester.


Observing the threats by category from Jan – August, it is possible to verify that there was an increasing number of phishing campaigns during March, April, and Jun,  and this is a strong indicator related to the COVID-19 pandemic situation.

From Figure 2, January presented a total of 15 phishing campaigns, 29 in February and 46 during March. 196 campaigns were registered during April, 262 in April, and 204 in June. In Q3, July with 81, August 209, and September with a total of 137 were the incidents observed during these months. It is crucial to monitor this growth indicator to predict the trend for the next months, where probably campaigns related to the Christmas time should emerge in the wild.

On the other hand, May, June, and August were the months where malware was spotlighted, with the botnet Mirai, Emotet, and the infamous Lampion Trojan in place. This piece of malware was identified at the end of December 2019 using template emails from the Portuguese Government Finance & Tax and Energias de Portugal (EDP) with the goal of collecting banking details from victim’s devices. Also, other trojan bankers have been observed during Q3, including TroyStealer and Grandoreiro expanded now to Portugal. A new piece of malware was also tracked and analyzed during Q3 – trojan URSA/mispadu. The emergent URSA trojan is impacting many countries using a sophisticated loader and avoiding antivirus detection.

Malware by Numbers

Overall, the URSA trojan malware was one of the prevalent threats affecting Portuguese citizens during Q3 2020. Other trojan bankers variants and families affecting users from different banks in Portugal were also observed. These kinds of malwares come from Brazil and the attacks are disseminated via phishing campaigns. Criminals are also using smishing to enlarge the scope and to impact a large group of victims.

In a research conducted by Segurança-Informática, where the whole phishing chain related to MBWAY was described, it is possible to validate that criminals are using a fresh technique in order to obfuscate the messages to evade its detection. In detail, the usage of the Web Open Font Format allows deobfuscate the font style on-the-fly and the original text never exists on the landing-page. Another recurrent campaign that impersonates the NOVO BANCO was observed in-the-wild many times during these months and it was also analyzed and published during Q3 on Segurança Informática.

As mentioned, also a new trojan banker called URSA have made the headlines during Q3. Details about this recent threat can be accessed here.

Threats by Sector

Regarding the affected sectors (Figure 5), Banking was the most affected with both phishing and malware campaigns hitting Portuguese citizens during Q3 2020. Next, was Retail and Financing, as the most sectors affected in this season.

Threat Report Portugal Q2 2020

Threat campaigns during Q4 will be published on a daily basis into 0xSI_f33d, as well as additional incidents and investigations that are being documented and published on Segurança-Informatica.

The infographic containing the report can be downloaded from here in printable format: PDF or PNG.

Download: [PDF] or [PNG]

About the author Pedro Tavares

Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Threat Report Portugal)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Hacking Threat Report Portugal Q3 2020

you might also like

Pierluigi Paganini July 18, 2025
Anne Arundel Dermatology data breach impacts 1.9 million people
Read more
Pierluigi Paganini July 18, 2025
LameHug: first AI-Powered malware linked to Russia’s APT28
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Anne Arundel Dermatology data breach impacts 1.9 million people

    Data Breach / July 18, 2025

    LameHug: first AI-Powered malware linked to Russia’s APT28

    APT / July 18, 2025

    5 Features Every AI-Powered SOC Platform Needs in 2025

    Security / July 18, 2025

    Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

    Security / July 18, 2025

    Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

    Data Breach / July 17, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT