Portugal recorded 14 cyber attacks in the first half of this year, an increase of 250% compared to the same period last year and 180% compared to the last six months of 2024, reveals the biannual report Threat Landscape Report from Thales, a European leader in technological solutions for the defense, aerospace, cybersecurity and digital industries. It’s an exponential increase, but it only accounts for security attacks. ransomware (data encryption and blocking, followed by a ransom demand) reported by organizations. Whoever paid the malicious agents for decryption passed the statistical filter.
Cyberattacks on national territory focus “essentially on the industrial sector”, due to the greater ease of accessing the equipment of these organizationsexplains Hugo Nunes, responsible for Thales in Portugal. As noted, many of these companies have old systems, which allow hackers open doors without major obstacles. It is not, however, a problem exclusive to the Portuguese industry. According to the Thales report, 35% of security attacks ransomware registered in the first half of this year at a global level occurred in industries.
Between January and June this year, there were 3,775 ransomware attacks worldwide, an increase of 29.7% compared to the previous six monthssays the Thales report. The most affected country was the United States, which accounted for 1923, followed by Canada (218), Germany (151), the United Kingdom (141) and Italy (92). Spain totaled 58 intrusions.
The Akira group was the most active in Portugal, with three attacks bearing its digital signature. Nightspire, Nitrogen and Warlock each carried out two attacks on entities in the country. According to the report, the number of families ransomware is increasing rapidly, as is the number of attacks, which “generates great concern”. You hackers They also demonstrate an increase in sophistication, as well as constant changes and adaptations in their strategies and work models.
These groups are very similar to traditional organizations, with hierarchical levels and specialized teams. As Hugo Nunes says, “they take advantage of the best business practices and apply them to cybercrime. They work from nine to 6 pm and often have higher budgets than the organizations that are attacked“. These families of malicious agents often resort to the ransomware-as-a-servicethat is, to external collaborators who provide the malware (software that damages or exploits vulnerabilities in digital networks) in exchange for a percentage of the profits obtained from the ransom. There are ransom demands reaching ten million euros, he adds.
The Thales study also highlights that, in the first half of this year, the global sectors that saw the greatest increase in malicious operations were energy and health. The energy industry has attracted attacks for financial reasonsas it is perceived as highly profitable by cybercriminals, and also for political interestsgiven its potential to generate relevant disturbances. The defense industry remains a strategic target due to classified information, use of critical technologies and essential infrastructure, as well as the aeronautical sector, says the report.
Thales, a multinational with a presence in 68 countries, including Portugal, is also one of the world leaders in technologies for the defense, aerospace and cybersecurity sectors. The group, whose annual investment is around four billion euros, employs more than 83 thousand people, 400 of which are distributed across the centers of Lisbon, Porto and the Azores.
Portugal works in the group’s three areas of competence, and is responsible for one of the eight security operations centers of the multinational. This unit has more than 100 clients from different sectors, for which it monitors possible vulnerabilities in technological systems seven days a week, 24 hours a day, detects attacks and provides solutions. It also works in Latin America and Africa. As Paulo Silva, responsible for the security operations center installed in Porto, says, Thales has the tools, the processes and the people.