Webroot uses 67 million real-world sensors around the globe to predict emerging threats. In the 2019 Webroot Threat Report, they found that traditional attack approaches are still going strong, and new methods are tried and tested every day.
According to Webroot CTO Hal Lonas, “Agile isn’t just a watchword for software development. It has also found its way into the world of cybercrime. In 2018, we saw numerous instances of agility and innovation as cybercriminals evolved their approaches, combined attack methods and incorporated more artificial intelligence to wreak havoc.”
The findings and insights in the 2019 report bring further clarity to the threats we see today and offer guidance to help people better prepare for and address attacks in the coming year.
Here are some key takeaways:
- A massive 40 percent of malicious URLs were found on good domains. Those who use intermediary devices without SSL inspection capabilities should be aware of potential loopholes in their security policies due to this behavior.
- Phishing attacks increased 36 percent, with the number of phishing sites growing 220 percent throughout 2018.
- Nearly 54 percent of malware in 2018 hid in the %appdata% and %temp% folders. Although malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others.
- Devices that use Windows 10 are at least twice as secure as those running Windows 7. Over the last year, Webroot saw a relatively steady decline in malware on Windows 10 machines for both consumer and business.
- On average, consumer devices are infected more than twice as often as their business counterparts. However, the business landscape is not populated solely by corporate-owned PCs. Many companies allow their employees to connect their personal devices, including PCs, to the corporate network, which significantly increases the level of risk to the organization.
So how can you protect yourself and your business?
Webroot stresses the importance of timely security awareness training that is continuously updated to help users avoid the latest threats. They found that after 12 months of training, end users were 70% less likely to fall for a phishing attempt. Training, along with contextual analysis and advanced endpoint and network protection, can help any organization reduce its exposure to risk.