In the digital age, cybersecurity is one of the top priorities for any organization. It is crucial to know the threats that could attack your organization and how to mitigate them. One such threat is malwarewhich often infiltrates organizations through seemingly harmless emails.

This malicious activity can occur due to various factors, including exploiting network vulnerabilities, data breaches, geographical influences and the age and owner of the equipment.

Topics in this article:

What is malware?

O Malwareshort for "malicioussoftware ", covers any software intentionally designed to cause damage and gain unauthorized access to a computer. It acts like a digital parasite, silently attaching itself to your system and then attacking it without you realizing it.

Among the various types of malware, ransomware has emerged as a particularly threatening variant. It is designed to restrict access to a computer or personal files until a ransom is paid. The consequences of these attacks can be financially costly, not only because of the ransom payment, but also because of the expenses involved in recovering and restoring the data and system.

The threat hidden in your organization's inbox

Every day, an astronomical number of emails cross the globe. Among these, hidden in seemingly innocuous files such as documents, spreadsheets, images and PDFs, are emails with malicious intent.

At RCTS CERT, we analyze dozens of emails a day and most of them contain some kind of malware, either in attachments or links to fake websites that implement malicious software .

So far, we have identified 509 new domains, 79 new IP addresses and more than 430 new confirmed malware signatures, and we will continue to count more until the end of the year. These figures highlight the scale of the threat that emails containing malware pose to organizations, despite their size.

**Cases of ransomware in Portuguese Higher Education Institutions**

In 2022, the University of Beira Interior (UBI), located in Covilhã, Portugal, was the victim of a ransomware attack. Detected on a Monday, the attack partially compromised some of the university's administrative areas. The threat actors used ransomware to encrypt equipment within UBI's domain and demanded a ransom, which the university did not pay. Despite creating some constraints, this attack did not affect classes.

The university took immediate steps to minimize the impact and assess the extent of the damage. Some systems were recovered quickly, but there was no prediction as to when everything would be fully restored. It is not yet known whether the attackers managed to gain access to student and staff information.

Earlier this year, another member of the community, the Polytechnic Institute of Leiria, suffered a ransomware attack from the Akira family of malicious software. This innovative family of ransomware attacks corporate networks by encrypting sensitive files and demands large sums of money.

Akira uses a unique double extortion tactic. First, it steals confidential data from victims and then encrypts their devices and files. The ransomware is configured to encrypt data, create a ransom note and delete "Windows Shadow Volume" backups on the affected devices. It modifies the names of all encrypted files, adding the extension ".akira".

**Identifying malicious emails: a guide for your IT team**

Some warning signs to watch out for:

Unexpected attachments: an email containing an unexpected attachment should arouse suspicion and may indicate malicious intent;
Generic greetings: many phishing emails begin with impersonal greetings, for example "Dear Customer," signaling potential threats;
Urgent action requirements: emails that induce urgency or require immediate action should be treated with suspicion;
Emails from dubious senders: check the authenticity of the sender. Cybercriminals often make small changes to known email addresses to trick recipients;
Dangerouslinks and call-to-action buttons: including malicious links is a common feature of this type of email. It is important to exercise caution and avoid clicking on links or call-to-action buttons immediately.

Steps to protect your organization

Some steps you can take to protect your organization:

Install Anti-Malware Software: this software can detect and remove malware from your system;
Educate your employees: make sure your employees are well informed about the risks associated with suspicious emails and the importance of not opening them;
Keep your systems up to date: regularly updating your systems can protect you against known threats.

Remember that, as decision-makers or users, it is everyone's responsibility to stay alert and protect organizations from malware threats. Share this article with others within your organization to raise awareness of malware in emails.

Other related articles

My first experience at BlackHat

Understanding how important it is to be up-to-date on the latest techniques and methods used by attack teams and threat actors, I was able to attend the BlackHat USA 2023 conference for the first time.

Read article

Testimonial Jornadas FCCN: Rui Canizes - IPDJ

Rui Canizes, Head of Technological Infrastructures Division at the Portuguese Institute for Sports and Youth (IPDJ), tells us what the Jornadas have been for him.

Read article

Testimonial Jornadas FCCN: António Luís Lopes - ISCTE-IUL

António Luís Lopes, responsible for the information systems development team at ISCTE-Instituto Universitário de Lisboa, tells us what the conference usually means to him and what are the expectations for the 2023 edition.

Read article

Testimonial Jornadas FCCN: Tiago Guedes - Universidade Nova de Lisboa

The Jornadas FCCN are approaching and we are sharing testimonies from our community about the importance of this moment of encounter.

Read article

1st RCTS Cyberrange: a controlled space to train in defending and attacking computer systems

This cybersecurity initiative had 64 participants from 26 different institutions, divided into 10 groups. The winning team was made up of members from the University of Coimbra and the Polytechnic Institute of Cávado and Ave.

Read the news

7 tips for safe online shopping

Safe online shopping is especially important on Black Friday and Cyber Monday. Here are seven tips to ensure safe transactions.

Read the news

European Cybersecurity Month. Protecting the community

October is another Cybersecurity Month. Throughout the month, the FCCN Unit will be taking part in this initiative coordinated by ENISA and the European Commission.

Read the news

Unit FCCN launches digital service catalog

FCCN launches a digital catalog of services, dedicated to the solutions it provides for the academic community. An up-to-date digital portfolio that is easy to consult.

Read the news

Safer Internet Day (SID) 2024: Viseu hosts this year's initiative dedicated to Artificial Intelligence

February 6th marks the 21st edition of Safer Internet Day (SID). The Safer Internet Center Consortium is organizing this national commemorative event, which will be held this year in Viseu. The SID Summit 2024 program is dedicated to Artificial Intelligence.

More info

Registration for the Jornadas FCCN 2023 is now open

The 14th edition of the Jornadas FCCN will take place at the Naval School - Alfeite Base in Almada, between June 27 and 29, 2023. Registration is now open and can be done via the event's new dedicated website.

More info

CSIRT-in-a-box 2022

RCTS CERT organizes, on November 3 and 4, a new edition of the CSIRT-in-a-Box Workshop.

More info

"Unity FCCN exists to serve the community. The Jornadas da Unidade FCCN are extremely important"

"One of the goals we have, in organizing the Days, is to take them around the country. We like to go to the institutions we work for. We get to know them better and they get to know us better."

More info