
In the digital age, cybersecurity is a top priority for any organization. It is crucial to know the threats that can target your organization and how to mitigate them. One of these threats is malware, which often infiltrates organizations through seemingly harmless emails.
This malicious activity can occur due to several factors, including exploitation of network vulnerabilities, data breaches, geographic influences, and even the age and ownership of the equipment.
What is Malware?
Malware, short for "malicious software", covers any software intentionally designed to cause harm and gain unauthorized access to a computer. It acts like a digital parasite, silently attaching itself to your system and subsequently attacking it without you noticing.
Among the various types of malware, ransomware emerges as a particularly threatening variant. It is designed to restrict access to a computer or personal files until a ransom is paid. The consequences of these attacks can be financially costly, not only due to the ransom payment, but also due to the expenses related to data and system recovery and restoration.
The Threat Hidden in Your Organization's Inbox
Every day, an astronomical number of emails cross the globe. Among these, hidden in seemingly innocuous files like documents, spreadsheets, images, and PDFs, are emails with malicious intentions.
At RCTS CERT, we analyze dozens of emails per day, and most contain some type of malware, either in attachments or in links to fake websites that install the malicious software.
So far, we have identified 509 new domains, 79 new IP addresses and more than 430 new confirmed malware signatures, and we will continue to count more through the end of the year. These numbers highlight the scale of the threat that emails containing malware pose to organizations, regardless of their size.
Ransomware Cases in Portuguese Higher Education Institutions
In 2022, the University of Beira Interior (UBI), located in Covilhã, Portugal, was the victim of a ransomware attack. Detected on Monday, the attack partially compromised some administrative areas of the university. The threat actors used ransomware to encrypt equipment within UBI's domain and demanded a ransom, which the university did not pay. Although it created some constraints, this attack did not affect classes.
The University took immediate action to minimize the impact and assess the extent of the damage. Some systems were quickly restored, but there was no estimate of when everything would be fully restored. It is not yet known whether the attackers were able to access student and staff information.
Earlier this year, another member of the community, the Polytechnic Institute of Leiria, suffered a ransomware attack from the Akira malware family. This innovative ransomware family attacks corporate networks by encrypting sensitive files and demanding large sums of money.
Akira uses a unique double extortion tactic. First, it steals victims' confidential data and then encrypts their devices and files. The ransomware is configured to encrypt data, create a ransom note, and delete Windows Shadow Volume backups on affected devices. It renames all encrypted files, adding the ".akira" extension.
Identifying Malicious Emails: A Guide for Your IT Team
Some warning signs to look out for:
- Unexpected attachments: an email that contains an unexpected attachment should raise suspicion and may indicate malicious intent;
- Generic greetings: many phishing emails begin with impersonal greetings, for example "Dear Customer," signaling potential threats;
- Urgent action requirements: emails that induce urgency or require immediate action should be treated with suspicion;
- Emails from dubious senders: verify the sender's authenticity. Cybercriminals often make small changes to known email addresses to deceive recipients;
- Dangerous links and call-to-action buttons: including malicious links is a common feature of this type of email. It is important to be cautious and avoid clicking on links or call-to-action buttons immediately.
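The warning signs above can be partly automated as a first-pass triage before a human looks at the message. The following Python is an added example, not RCTS CERT tooling: the trusted-domain list, the regular expressions, the 0.85 similarity threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"university.example"}  # assumption: domains your users normally receive mail from
GREETING = re.compile(r"\bdear (customer|user|client)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours)\b", re.I)
ANCHOR = re.compile(r'href="(https?://[^"]+)"[^>]*>([^<]+)<', re.I)

def triage(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg, signs, body = message_from_string(raw), [], ""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for good in TRUSTED:  # small edits to a known address: near match, not exact
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            signs.append(f"lookalike sender domain: {domain} ~ {good}")
    for part in msg.walk():
        if part.get_filename() and domain not in TRUSTED:
            signs.append(f"attachment from unknown sender: {part.get_filename()}")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode(errors="replace")
    if GREETING.search(body):
        signs.append("generic greeting")
    if URGENCY.search(body):
        signs.append("urgency wording")
    for href, text in ANCHOR.findall(body):  # visible URL differs from real target
        shown = urlparse(text.strip()).hostname
        if shown and shown != urlparse(href).hostname:
            signs.append(f"link shows {shown} but opens {urlparse(href).hostname}")
    return signs

def sample_message():
    """Constructed sample exhibiting all five signs (not a real message)."""
    m = EmailMessage()
    m["From"] = "IT Support <helpdesk@univers1ty.example>"
    m["Subject"] = "Mailbox quota"
    m.set_content('<p>Dear Customer, confirm your account immediately: '
                  '<a href="http://portal.test/reset">https://university.example/reset</a></p>',
                  subtype="html")
    m.add_attachment(b"%PDF-", maintype="application", subtype="pdf", filename="invoice.pdf")
    return m.as_string()

if __name__ == "__main__":
    for sign in triage(sample_message()):
        print("-", sign)
```

A hit is a reason to look closer, not a verdict: legitimate mail can trip these heuristics, and malicious mail can avoid them.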
Steps to protect your organization
Some steps you can take to protect your organization:
- Install anti-malware software: this software can detect and remove malware from your system;
- Educate your employees: make sure your employees are well informed about the risks associated with suspicious emails and the importance of not opening them;
- Keep your systems up to date: Regularly updating your systems can protect you against known threats.
Remember that, as decision-makers or users, it is everyone's responsibility to stay alert and protect organizations from malware threats. Share this article with others within your organization to raise awareness about malware in emails.