The 2019 Threat Report

The new norm with cybersecurity is discovering new attack methods and new threats which emerge daily and new vectors that are being tested by cyber criminals, according to the 2019 Webroot Threat Report.

According to the Webroot Threat Report:

  • 40 percent of malicious malware were found on good domains. , “Since legitimate websites are frequently compromised to host malicious content. Those who use intermediary devices without SSL inspection capabilities should be aware of potential loopholes in their security policies due to this behavior.”


  •  Home users are more than twice as likely be infected.
    Home users are not immune; their routers serve as the hub for networks and smart home devices (IoT), yet most users can’t log into their Linux-based routers to see what they are doing. Meanwhile a hacker can learn everything about a user’s environment, can redirect URLs, carry out man-in-the-middle attacks, and even inject cryptojacking scripts.


  • Phishing attacks increased 36% with the number of phishing sites growing 220% over the course of 2018. Phishing sites now use SSL certificates and HTTPS to trick internet users into believing they are secure, legitimate pages. 77% of phishing attacks impersonated financial institutions, and were much more likely to use HTTPS than other types of targets. In fact, for some of the targeted financial institutions, over 80% of the phishing pages used HTTPS. Google was found to be the most impersonated brand in phishing overall. Switch to DuckDuckGo Search Engine.


  • After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt. Webroot found that organizations who combine phishing simulation campaigns with regular training saw a 70 percent drop in phishing link click-through.


  • Nearly a third of malware tries to install itself in %appdata% folders. Malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are the best for hiding malware because these paths are in every user directory with full permissions to install there. 



  • Even through the prices for cryptocurrency have dropped,  cryptomining and cryptojacking are on the rise. The number of cryptojacking URLs Webroot saw each month in the first half of the year more than doubled in the period from September through December 2018. These techniques can be more effective than ransomware attacks, since they don’t require waiting for the user to pay the ransom, and they have a smaller footprint. As far as web-based cryptojacking.


  • While ransomware was less of a problem in 2018 but it has became more targeted. New ransomware families will emerge as malware authors turn to more targeted attacks, and companies will still fall victim to ransomware. Many ransomware attacks in 2018 used the Remote Desktop Protocol (RDP) as an attack vector, leveraging tools such as Shodan to scan for systems with inadequate RDP settings. These unsecured RDP connections may be used to gain access to a given systems and deploy ransomware.

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.