The Cybersecurity Observatory bulletin states that in the first half of this year 847 incidents were registered by the National Cybersecurity Center (CERT.PT), while in the same period of 2020 there were 689 and, in 2019, there were 378.
The document states that, in 2021, there was an increase of 23% compared to 2020 and 124% compared to 2019, with the months of April 2020, with 150 incidents, and February this year, with 190, those which recorded the highest values .
“The first half of 2020 was a period that clearly showed the effects of social confinement on cybersecurity. As of March, the number of incidents registered by CERT.PT increased to uneven levels. Although a decline later occurred, it did not return to pre-pandemic levels. The first half of 2021 reinforced this idea, with even higher values and peaks parallel to moments of greater social confinement”, the bulletin states.
The Cybersecurity Observatory also indicates that the periods of state of emergency (from March to May 2020 and from November 2020 to April 2021) coincide with “the upward curves in terms of incident records by CERT.PT”.
According to the same document, 'phishing' (a cybercrime technique that uses fraud or deception to manipulate people and obtain confidential information) continues to be the most frequent type of incident among those registered by CERT.PT, followed by “social engineering".
In the first half, ‘phishing’ reached 40% of incidents, while in the same period in 2020 it accounted for 38%, and “social engineering” rose from 0.4% of the total in the first half of 2020 to 13% this year.
“The prominent places of 'phishing' and social engineering show the importance of the human factor. Phishing is a form of manipulation that leads users to share sensitive information. One of the techniques most used by attackers is the argument of authority, that is, the simulation of the identity of an entity with sufficient authority to not raise suspicion", says the bulletin, noting that the sector most targeted by this strategy in Portugal is the banking sector.
The most common cases categorized as “social engineering” by CERT.PT this year were 'sextortion' (49%), CEO Fraud (12%), the attempted fraud through a fictitious inheritance case (11%) and fraud through the MBWay platform (7%).
The Cybersecurity Observatory explains that 'sextortion' is extortion based on the threat of exposure of alleged intimate images, CEO Fraud occurs when someone impersonates an organization's head, requesting a bank transfer from a subordinate, the fraud through fictitious inheritance case seeks gains with promise of money and MBWay's use cases concern alleged buyers who lead online sellers to improperly transfer money.
“The importance of the human factor in at least 53% of incidents recorded in the 1st half of 2021 (40% 'phishing' + 13% social engineering) raises the hypothesis that social confinement somehow correlates with strategies attacks that exploit this vector”, stresses the bulletin.