João Machado
Cybersecurity Analyst

In the digital age, cybersecurity is one of the top priorities for any organization. It is crucial to know the threats that could attack your organization and how to mitigate them. One such threat is malware, which often infiltrates organizations through seemingly harmless emails.

This malicious activity can occur due to various factors, including exploited network vulnerabilities, data breaches, geographical factors, and the age and ownership of the equipment.

What is malware?

Malware, short for "malicious software", covers any software intentionally designed to cause damage to, or gain unauthorized access to, a computer. It acts like a digital parasite, silently attaching itself to your system and then attacking it without you realizing it.

Among the various types of malware, ransomware has emerged as a particularly threatening variant. It is designed to restrict access to a computer or personal files until a ransom is paid. The consequences of these attacks can be financially costly, not only because of the ransom payment, but also because of the expenses involved in recovering and restoring the data and system.

The threat hidden in your organization's inbox

Every day, an astronomical number of emails cross the globe. Among these, hidden in seemingly innocuous files such as documents, spreadsheets, images and PDFs, are emails with malicious intent.

At RCTS CERT, we analyze dozens of emails a day, and most of them contain some kind of malware, either in attachments or in links to fake websites that deliver malicious software.

So far, we have identified 509 new domains, 79 new IP addresses and more than 430 new confirmed malware signatures, and the count will keep rising until the end of the year. These figures highlight the scale of the threat that emails carrying malware pose to organizations, regardless of their size.

Cases of ransomware in Portuguese Higher Education Institutions

In 2022, the University of Beira Interior (UBI), located in Covilhã, Portugal, was the victim of a ransomware attack. Detected on a Monday, the attack partially compromised some of the university's administrative areas. The threat actors used ransomware to encrypt equipment within UBI's domain and demanded a ransom, which the university did not pay. Despite creating some constraints, this attack did not affect classes.

The university took immediate steps to minimize the impact and assess the extent of the damage. Some systems were recovered quickly, but there was no prediction as to when everything would be fully restored. It is not yet known whether the attackers managed to gain access to student and staff information.

Earlier this year, another member of the community, the Polytechnic Institute of Leiria, suffered a ransomware attack from the Akira family of malicious software. This innovative family of ransomware attacks corporate networks by encrypting sensitive files and demanding large sums of money.

Akira uses a double extortion tactic: it first steals confidential data from victims and then encrypts their devices and files. The ransomware is configured to encrypt data, drop a ransom note and delete the Windows Volume Shadow Copy backups ("shadow volumes") on the affected devices, which removes the built-in restore points a victim would otherwise use to recover. It renames every encrypted file by adding the ".akira" extension.

Identifying malicious emails: a guide for your IT team

Some warning signs to watch out for:

  • Unexpected attachments: an email containing an unexpected attachment should arouse suspicion and may indicate malicious intent;
  • Generic greetings: many phishing emails begin with impersonal greetings, for example "Dear Customer," signaling potential threats;
  • Urgent action requirements: emails that induce urgency or require immediate action should be treated with suspicion;
  • Emails from dubious senders: check the authenticity of the sender. Cybercriminals often make small changes to known email addresses to trick recipients;
  • Dangerous links and call-to-action buttons: malicious links are a common feature of this type of email. Exercise caution and avoid clicking on links or call-to-action buttons before verifying them.
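The warning signs above can be turned into a first-pass triage check that an IT team runs over incoming messages before an analyst looks at them. The following is an added example, not code from the original article or from RCTS CERT; the trusted domain list, the keyword lists and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed allow-list of the organization's own sender domains (assumption).
TRUSTED_DOMAINS = {"rcts.pt", "example-university.pt"}
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".iso", ".docm", ".xlsm", ".zip")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear sir/madam")
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "will be suspended")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character sender look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_email(raw):
    """Return the list of warning-sign flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    addresses = msg["From"].addresses if msg["From"] else ()
    domain = addresses[0].domain.lower() if addresses else ""
    # Dubious sender: not one of ours, but within two edits of one of our domains.
    if domain not in TRUSTED_DOMAINS and any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        flags.append("lookalike-sender")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    low = text.lower()
    if low.lstrip().startswith(GENERIC_GREETINGS):   # impersonal greeting
        flags.append("generic-greeting")
    if any(p in low for p in URGENCY_PHRASES):       # pressure to act now
        flags.append("urgency")
    for part in msg.iter_attachments():              # unexpected/risky attachments
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append("risky-attachment:" + name)
    for host in re.findall(r"https?://([^/\s\"'>]+)", text):  # links to unknown hosts
        if host.lower() not in TRUSTED_DOMAINS:
            flags.append("external-link:" + host.lower())
    return flags


def sample_phishing_email():
    """Constructed sample showing all of the signs: look-alike sender, generic greeting, urgency, .exe."""
    msg = EmailMessage()
    msg["From"] = "Helpdesk <helpdesk@rtcs.pt>"   # rtcs.pt is a constructed look-alike of rcts.pt
    msg["To"] = "staff@example-university.pt"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Dear Customer,\n\nPay immediately or your account will be suspended:\n"
                    "http://login-verify.example/\n")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return msg.as_string()
```

The flags are a prompt for analyst review, not a verdict: a message that raises none can still be malicious, and a legitimate one may trip a single heuristic.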

Steps to protect your organization

Some steps you can take to protect your organization:

  • Install Anti-Malware Software: this software can detect and remove malware from your system;
  • Educate your employees: make sure your employees are well informed about the risks associated with suspicious emails and the importance of not opening them;
  • Keep your systems up to date: regularly updating your systems can protect you against known threats.

Remember that, whether you are a decision-maker or a user, it is everyone's responsibility to stay alert and protect the organization from malware threats. Share this article with others in your organization to raise awareness of malware in emails.
