Five Takeaways from Webroot’s 2018 Cybersecurity Threat Report

Each year, a team of Webroot analysts and threat researchers take a look back at some of the most salient cyber threat trends to emerge over the previous year. With more than 40 million licensed endpoints and a threat intelligence platform capable of integrating information from billions of URLs, domains, IP addresses, files, and mobile apps, Webroot has the capacity to dive deep into the real-world threat landscape. Here are five clear trends that emerged over the course of 2017. 1. Hackers Land Huge Hauls with Phishing Attacks A report released by Verizon in 2017 contained some shocking statistics concerning success rates for phishing attacks. Webroot’s research points to why. Of the more than 1.5 million phishing attacks carried out over the course of the year, most of the sites they directed were live for no more than eight hours. Domain names were recycled frequently to evade static lists and IP masking was a favored technique for covering hackers’ tracks. What does this mean for consumers? Static lists are all but completely ineffective at sniffing out phishing attacks. Threats disappear as fast as they’re recognized. Want to know why Webroot isn’t celebrating another year of decline in the average number of malware files per device? Read the full report to find out. 2. Polymorphism is Malware’s New Normal Old-school antivirus software functioned by keeping static lists of known malicious files downloaded on machines. The advent of polymorphism retired that method as a viable way for keeping malware at bay. Small variations in malware signatures prevent the registering of a match when scanning. Of the hundreds of millions of executable files Webroot analyzes each year, fully 94% of malicious executables were polymorphic. It reinforces the lesson learned from modern phishing attacks. Static threat lists are a thing of the past. Webroot isn’t ready to celebrate another year of decline in the average number of malware files per device. Download the report to learn why. 3. Cryptojacking equals CryptoJackpots for Cybercriminals The best cons leave their marks blissfully unaware they’ve just been hit. Or so we’ve read on the internet. Obliviousness happens to be an additional benefit of a tactic gaining popularity among cybercriminals recently. Cryptojacking involves hijacking the computing power of a machine and reassigning it to the task of cryptomining, the process of adding transactions to a blockchain ledger in exchange for a small transaction fee. Over time, these efforts can lead to steady returns on little effort for cryptojacking operations. Want to know which cryptocurrency was most popular among cryptojackers? Check out the report. 4. Ransomware Makes Millions WannaCry The year 2017 was a big one for ransomware, a particular type of malware that locks a user’s files or hardware to extort a ransom. Two attacks in particular, WannaCry and NotPetya, infected more than 200 thousand devices in more than 100 countries for more than $4 billion in losses. All in under 24 hours. While both attacks were widely discussed and among the most damaging in history, NotPetya was especially nefarious for its intent to damage infrastructure as well as soliciting a ransom. Ransomware attacks, especially successful ones, tend to be high-profile affairs. With a slew of them already grabbing headlines in a still-young 2018, they’re bound to continue being a favored tool of hackers in the year ahead. Spam email campaigns have long been a favorite delivery mechanism for hackers. To find out the new strategy is gaining favor among cybercriminals, check out the full report. 5. Unprotected Mobile Banking Spreads Viruses The total number of smartphone users is expected to eclipse the 2 billion mark by 2019. The year preceding it will undoubtedly see mobile devices gain even more attention from hackers. Malicious apps are by far the preferred method for hacking smartphones. Webroot has analyzed more than 62 million mobile apps to date and found a whopping 32% of those analyzed in 2017 to be malicious in nature.   Credit : http://blog.kaseya.com/blog/2018/05/02/five-key-takeaways-from-webroots-2018-cybersecurity-threat-report/