DIGITAL LIFE
The latest Check Point report on cyber threats for May 2025 reveals a new leader in the cybercrime landscape: the SafePay ransomware. This fast-rising threat has become the most prominent in its category, while the FakeUpdates malware continues to be the most widespread malicious software globally.
For Portugal, the data indicates a worsening of the cybersecurity scenario. The country dropped five positions in the global risk index, to 45th place, in a month in which the main threat in the country was, precisely, FakeUpdates.
The main question for companies and users is to know what the SafePay ransomware is. First identified in November 2024, this is a cybercrime group that uses a double extortion model: in addition to encrypting the victim's files, the attackers exfiltrate sensitive data and threaten to release it in order to force the ransom to be paid. Its operational structure is centralized, which gives it tactical consistency.
Among the main current ransomware threats are Qilin, which operates as a service (RaaS) and attacks large companies through phishing, and Play, which exploits vulnerabilities in VPNs to compromise critical infrastructures.
The most common malware in Portugal in 2025, during the month of May, was FakeUpdates (also known as SocGholish), responsible for 7.01% of detections. This downloader, coded in JavaScript, serves as a gateway for other threats. Next on the national list were Remcos (3.45%), a remote access Trojan, and Androxgh0st (3.22%), a malware that aims to steal credentials for cloud services through flaws in Laravel applications.
The prevalence of these threats contributed to an increase in cybersecurity risk in Portugal, reflected in the country's drop in the global ranking by Check Point.
Mobile threats and the most attacked sectors...Security threats on Android mobile phones continue to be a significant attack vector. The report highlights the Anubis banking Trojan, which can bypass multi-factor authentication; AhMyth, a remote access Trojan (RAT) that spies on the user; and Necro, a downloader that can sign victims up for paid services.
The sectors most attacked by ransomware and other threats, both in Portugal and globally, were Education/Research, Public Administration/Defense and Telecommunications, demonstrating persistent vulnerabilities in these areas.
In conclusion, the May 2025 cyberthreat analysis reveals a dangerous and dynamic ecosystem, led by the rise of SafePay ransomware. The persistence of FakeUpdates malware and the deterioration of cybersecurity in Portugal underscore the need for constant vigilance and robust defense strategies adapted to each type of threat.
For the full May 2025 Global Threat Index and additional information, visit the Check Point Blog (https://blog.checkpoint.com/)
mundophone
No comments:
Post a Comment