International. Webroot has revealed the results of the 2019 Webroot Threat Report, showing that while proven attack methods remain strong, new threats emerge daily and cybercriminals are testing new vectors. The report is derived from metrics captured and analyzed by Webroot's cloud-based machine learning architecture: the Webroot platform.
Notable findings:
- 40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content. To protect users, cybersecurity solutions need visibility at the URL level or, when that is unavailable, domain-level metrics that accurately represent the hazards.
- Home user devices are more than twice as likely to get infected as business devices. Sixty-eight percent of infections are seen at consumer endpoints, versus 32 percent at business endpoints.
- Phishing attacks increased by 36 percent, and the number of phishing sites grew by 220 percent over the course of 2018. Phishing sites now use SSL certificates and HTTPS to trick internet users into believing they are legitimate and secure pages. Seventy-seven percent of phishing attacks impersonated financial institutions, and these were much more likely to use HTTPS than other types of targets. In fact, for some of the selected financial institutions, more than 80 percent of phishing pages used HTTPS. Google was found to be the most impersonated brand in phishing overall.
- After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt. Webroot found that organizations that combine phishing simulation campaigns with regular training experienced a 70 percent drop in phishing link.
- Nearly a third of malware attempts to install itself in %appdata% folders. Although malware can be hidden almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are prime spots for hiding malware because the paths exist in every user directory, with full user permissions to install there. These folders are also hidden by default in Windows® Vista and above.
- Devices running Windows 10 are at least twice as safe as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumers and businesses.
- Despite the decline in cryptocurrency prices, cryptomining and cryptojacking are on the rise. The number of cryptojacking URLs Webroot saw each month in the first half of the year more than doubled in the period between September and December 2018. These techniques can be more lucrative than ransomware attacks, as they do not require the user to pay the ransom, and they have a smaller footprint. As for web-based cryptojacking, Coinhive still dominates with over 80 percent market share, although some new copycat cryptojacking scripts are gaining popularity.
- While ransomware was a minor issue in 2018, it became more targeted. We expect commodity ransomware to decline further in 2019; however, new ransomware families will emerge as malware authors turn to more targeted attacks, and companies will still fall victim to ransomware. Many ransomware attacks in 2018 used Remote Desktop Protocol (RDP) as an attack vector, leveraging tools like Shodan to search for systems with inadequate RDP configurations. These unsecured RDP connections can be used to gain access to a given system and scan all of its data as well as shared drives, providing criminals with the information needed to decide whether to deploy ransomware or some other type of malware.


