Webroot, an OpenText company, last year observed a staggering 640% increase in phishing attempts and a 125% increase in malware targeting Windows 7.

The 2020 Webroot Threat Report highlights not only the agility and innovation of cybercriminals who continue to seek out new ways to evade defenses, but also their commitment to long-established attack methods. The report analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps and 36 billion file behavior records.

Webroot’s Tyler Moffitt

Tyler Moffitt, Webroot‘s security analyst, tells us the growth in phishing attempts can be attributed to how they deliver a “tremendous” return on investment for cybercriminals, and phishing attempts are easy and cheap to launch, yet continue to trick under-educated end users into downloading malware or sharing their credentials. Phishing is one of the most successful delivery methods for malware, he said.

“The growth in malware targeting Windows 7 can largely be attributed to how Microsoft announced in early 2019 they will be ending support — and therefore no longer patching vulnerabilities within — the operating system in January 2020,” he said. “Cybercriminals were likely aiming to capitalize on all the vulnerable businesses and consumers still using Windows 7 before many of them would presumably upgrade in January 2020. However, even now that support has ended and some businesses and consumers have upgraded, they haven’t been forced to, so there are still plenty of extremely vulnerable devices on Windows 7 — therefore, we expect Windows 7 malware to spike even further in 2020. There are currently over 200 million devices still running Windows 7 and it will only get easier for criminals to breach these machines.”

Cybercriminals also have been leveraging Netflix, Amazon and Target in their phishing attacks, aiming to exploit people’s tendency to reuse passwords to compromise other, more lucrative accounts like online banking, Moffitt said.

“Another surprising finding is a new trend with ransomware that if the victim has adequate backups that prevent paying the ransom, the attacker will extort the victim through the threat of breaching stolen data,” he said. “This is an additional squeeze on the victim because now that the California Consumer Privacy Act (CCPA) is in full effect, victims all over the world would face ramifications of breaches like fines through the General Data Protection Regulation (GDPR) and CCPA.”

Other notable findings:

“Organizations aren’t investing heavily enough in security awareness training, and they aren’t…

…being consistent and vigilant enough in forcing all their employees to regularly prove they are aware of and able to avoid the latest phishing techniques,” Moffitt said. “In addition, organizations aren’t locking down access to powerful Windows tools that are rarely used by the end user, like PowerShell, macros, scripts, etc.”

MSSPs and other cybersecurity providers should be offering their partners the solutions they need to ensure cyber resilience through a defense-in-depth approach, he said. This involves addressing user behavior and determining the best level of protection for their specific network and endpoints, he said.

“In the cybersecurity industry, the only certainty is that there is no certainty, and there is no single silver bullet solution,” said Hal Lonas, OpenText‘s senior vice president and CTO, SMB and consumer. “The findings from this year’s report underline why it’s critical that businesses and users of all sizes ensure they’re not only protecting their data but also preparing for future attacks by taking simple steps toward cyber resilience through a defense-in-depth approach that addresses user behavior and the best protection for network and endpoints.”