Webroot: Cybercriminals the 'True Innovators,' Malicious URLs Rise

The true innovators in cybersecurity are the cybercriminals, who continue to find new ways to combine attack methods, or compromise new and existing vectors for maximum results.

That’s according to the 2019 Webroot Threat Report. The report is derived from metrics captured and analyzed by Webroot’s cloud-based machine learning architecture.

Webroot’s Tyler Moffitt

Tyler Moffitt, senior threat research analyst at Webroot, tells us the most surprising finding was that a massive 40 percent of malicious URLs were found on good domains. This indicates how legitimate websites are frequently compromised, rendering whitelists ineffective, he said.

To ensure protection, organizations need security solutions with URL-level visibility, or when that’s unavailable, domain-level metrics to accurately determine sites’ risk levels.

“Further validating how seemingly benevolent websites can actually be risky, 93 percent of phishing domains found in September and October 2018 were on HTTPS sites,” Moffitt said. “Additionally, it’s surprising that cryptojacking continues to be so prevalent despite the reduction in cryptocurrency prices. There were more than twice as many cryptojacking URLs found between September and December 2018 than were found each month of the first half of the year.”

Phishing attacks increased 36 percent, with the number of phishing sites growing 220 percent over the course of 2018. Phishing sites now use secure sockets layer (SSL) certificates and HTTPS to trick internet users into believing they are secure, legitimate pages. Seventy-seven percent of phishing attacks impersonated financial institutions, and were much more likely to use HTTPS than other types of targets.

For some of the targeted financial institutions, more than 80 percent of the phishing pages used HTTPS. Google was found to be the most impersonated brand in phishing overall, according to the report.

“The report demonstrates how attack trends are quickly evolving as cybercriminals regularly pivot from one attack vector to another, underlining the need for MSPs and MSSPs to provide their customers with solutions that enable a multilayered defense in order to keep up to date with the latest threats and approaches,” Moffitt said. “Additionally, the report reveals how important it is for MSPs and MSSPs to provide their customers with security awareness training, as it’s proving extremely effective; the report found that after completing 12 months of training, end users are 70 percent less likely to fall for a phishing attempt.”

While ransomware was less of a problem in 2018, it became more targeted. Ransomware is expected to decline further in 2019; however, new ransomware families will emerge as malware authors turn to more targeted attacks, and companies will still fall victim to ransomware.

“Organizations need to be more aware of security threats and the various vectors cybercriminals are exploiting,” Moffitt said. “From our findings, Windows 10 is more than two times more secure than Windows 7 due to the mandatory updates and patching that is required in Windows 10. I also suggest they be more diligent about assessing risk to understand the value of what they have. Finally, they need to create a layered approach that protects multiple threat vectors. Above all else, they need to train their employees and other users to be assets – not weak links – in their cybersecurity program.”