Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

2019 Webroot Threat Report: Forty Percent Of Malicious URLs Found On Good Domains.

by The Gurus
March 1, 2019
in Featured, Security News
2019 Webroot Threat Report:  Forty Percent Of Malicious URLs Found On Good Domains.
Share on FacebookShare on Twitter

Webroot, the Smarter Cybersecurity® company, revealed the results of the 2019 Webroot Threat Report, showcasing that while tried-and-true attack methods are still going strong, new threats emerge daily, and new vectors are being tested by cybercriminals. The report is derived from metrics captured and analysed by Webroot’s advanced, cloud-based machine learning architecture: the Webroot® Platform.

Notable Findings:

40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content. To protect users, cybersecurity solutions need URL-level visibility or, when unavailable, domain-level metrics, that accurately represent the dangers.

Home user devices are more than twice as likely to get infected as business devices. Sixty-eight percent of infections are seen on consumer endpoints, versus 32 percent on business endpoints.

Phishing attacks increased 36 percent, with the number of phishing sites growing 220 percent over the course of 2018. Phishing sites now use SSL certificates and HTTPS to trick internet users into believing they are secure, legitimate pages. Seventy-seven percent of phishing attacks impersonated financial institutions, and were much more likely to use HTTPS than other types of targets. In fact, for some of the targeted financial institutions, over 80 percent of the phishing pages used HTTPS. Google was found to be the most impersonated brand in phishing overall.

After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt. Webroot found that organizations that combine phishing simulation campaigns with regular training saw a 70 percent drop in phishing link click-through.

Nearly a third of malware tries to install itself in %appdata% folders. Although malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are prime for hiding malware because these paths are in every user directory with full user permissions to install there. These folders also are hidden by default on Windows® Vista and up.

Devices that use Windows 10 are at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business.

Despite the decrease in cryptocurrency prices, cryptomining and cryptojacking are on the rise. The number of cryptojacking URLs Webroot saw each month in the first half of the year more than doubled in the period from September through December 2018. These techniques can be more lucrative than ransomware attacks, since they don’t require waiting for the user to pay the ransom, and they have a smaller footprint. As far as web-based cryptojacking, Coinhive still dominates with more than 80 percent market share, though some new copycat cryptojacking scripts are gaining in popularity.

While ransomware was less of a problem in 2018, it became more targeted. We expect major commodity ransomware to decline further in 2019; however, new ransomware families will emerge as malware authors turn to more targeted attacks, and companies will still fall victim to ransomware. Many ransomware attacks in 2018 used the Remote Desktop Protocol (RDP) as an attack vector, leveraging tools such as Shodan to scan for systems with inadequate RDP settings. These unsecured RDP connections may be used to gain access to a given system and browse all its data as well as shared drives, providing criminals enough intel to decide whether to deploy ransomware or some other type of malware.

Key Quote:

Hal Lonas, CTO, Webroot:

“We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

YouTube blocks comments on videos of children.

Next Post

SentinelOne Collaborates With Intel To Increase Detection Rates Of Cryptominer And Advanced Memory-Based Attacks.

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information