Webroot: ‘Tremendous’ Return Prompts Massive Jump in Phishing Attempts

Webroot, an OpenText company, last year observed a staggering 640% increase in phishing attempts and a 125% increase in malware targeting Windows 7.

The 2020 Webroot Threat Report highlights not only the agility and innovation of cybercriminals who continue to seek out new ways to evade defenses, but also their commitment to long-established attack methods. The report analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps and 36 billion file behavior records.

Webroot’s Tyler Moffitt

Tyler Moffitt, Webroot‘s security analyst, tells us the growth in phishing attempts can be attributed to how they deliver a “tremendous” return on investment for cybercriminals, and phishing attempts are easy and cheap to launch, yet continue to trick under-educated end users into downloading malware or sharing their credentials. Phishing is one of the most successful delivery methods for malware, he said.

“The growth in malware targeting Windows 7 can largely be attributed to how Microsoft announced in early 2019 they will be ending support — and therefore no longer patching vulnerabilities within — the operating system in January 2020,” he said. “Cybercriminals were likely aiming to capitalize on all the vulnerable businesses and consumers still using Windows 7 before many of them would presumably upgrade in January 2020. However, even now that support has ended and some businesses and consumers have upgraded, they haven’t been forced to, so there are still plenty of extremely vulnerable devices on Windows 7 — therefore, we expect Windows 7 malware to spike even further in 2020. There are currently over 200 million devices still running Windows 7 and it will only get easier for criminals to breach these machines.”

Cybercriminals also have been leveraging Netflix, Amazon and Target in their phishing attacks, aiming to exploit people’s tendency to reuse passwords to compromise other, more lucrative accounts like online banking, Moffitt said.

“Another surprising finding is a new trend with ransomware that if the victim has adequate backups that prevent paying the ransom, the attacker will extort the victim through the threat of breaching stolen data,” he said. “This is an additional squeeze on the victim because now that the California Consumer Privacy Act (CCPA) is in full effect, victims all over the world would face ramifications of breaches like fines through the General Data Protection Regulation (GDPR) and CCPA.”

Other notable findings:

• One in four malicious URLs is hosted on an otherwise non-malicious domain.
• Some 8.9 million URLs were found hosting a cryptojacking script.
• The top sites impersonated by phishing sites or cybercriminals are Facebook, Microsoft, Apple, Google, PayPal and DropBox.
• The top five kinds of websites impersonated by phishing sites are crypto exchanges (55%), gaming (50%), web email (40%), financial institutions (40%) and payment services (32%).
• Some 93.6% of malware seen was unique to a single PC – the highest rate ever observed.
• IP addresses associated with Windows exploits grew by 360%, with the majority of exploits targeting out-of-date operating systems.

“Organizations aren’t investing heavily enough in security awareness training, and they aren’t…