The Webroot® Threat Report: Mid-Year Update, explores the evolving cybersecurity landscape. Based on trends observed in the first half of 2019, Webroot found that 1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows® 7 exploits have grown 75% since January. This report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover.
Tyler Moffitt, Webroot’s Senior Threat Research Analyst, confirmed, “We are beginning to see hackers create more personalized phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate. These tactics take advantage of familiarity and context, and result in unwarranted trust. Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”
Key Report Findings:
- Hackers are using trusted domains and HTTPS to trick victims.
- Nearly a quarter (24%) of malicious URLs were found to be hosted on trusted domains, as hackers know trusted domain URLs raise less suspicion among users and are more difficult for security measures to block.
- 1 in 50 URLs (1.9%) were found to be malicious, which is high given that nearly a third (33%) of office workers click more than 25 work-related links per day.
- Nearly a third (29%) of detected phishing web pages use HTTPS as a method to trick users into believing they’re on a trusted site via the padlock symbol.
- Phishing continued rapid growth into 2019, and criminals are expanding their phishing targets.
- Phishing grew rapidly, with a 400% increase in URLs discovered from January to July 2019.
- The top industries impersonated by phishing include
- 25% are SaaS/Webmail providers
- 19% are financial institutions
- 16% social media
- 14% retail
- 11% file hosting
- 8% payment services companies
- Phishing lures are becoming increasingly personalized as more PII is collected from breaches.
- Phished passwords are used for more than account takeover, specifically: extortion emails claiming they’ve been caught doing something embarrassing or damaging that will be shared with colleagues, friends and family unless a ransom is paid.
- Phishing doesn’t always target usernames and passwords. These attacks also go after secret questions and their answers.
- Windows 7 is becoming even riskier, with infections increasing by 71%.
- Between January and June, the number of IPs that host Windows exploits grew 75%
- Over 75% of malware on Windows systems hides in one of three places:
- 41% in %temp%, 24% in %appdata% and 11% in %cache%.
- Businesses can easily set policies to restrict execution of any application from the %temp% and %cache% locations, preventing more than 50% of infections.
- Malware samples seen on only one PC are at 95.2%, up from 91.9% in 2018
- Out of all infected PCs, 64% were home user machines, and 36% were business devices, likely because home users aren’t protected by corporate firewalls and security policies and may not be updated as regularly.