sb-as logo
Story image

Phishing URLs grew by 640% last year - report

There has been a 640% increase in phishing attempts and a 125% increase in malware targeting Windows 7, according to a report released recently by OpenText.

As more effective countermeasures are arriving on the market, cybercriminals are tailoring their behaviour to increase their innovation and agility, while seeking out new ways to evade defences.

As a constantly evolving aspect of technology, cybercrime and the security measures taken against it are always changing. 

But according to the report, the more things change, the more things stay the same. At least in part. 

The research from OpenText highlights not only the agility and innovation of cybercriminals who continue to seek out new ways to evade defences, but also their commitment to long-established attack methods.

“In the cybersecurity industry the only certainty is that there is no certainty, and there is no single silver bullet solution,” says OpenText senior vice president and CTO Hal Lonas. 

“The findings from this year’s report underline why it’s critical that businesses and users of all sizes ensure they’re not only protecting their data but also preparing for future attacks by taking simple steps toward cyber resilience through an approach that addresses user behaviour and the best protection for network and endpoints,” says Lonas.  

Notable Findings: 

Phishing URLs encountered grew by 640% in 2019. 

  • 1 in 4 malicious URLs is hosted on an otherwise non-malicious domain.
  • 8.9 million URLs were found hosting a cryptojacking script. 
  • The top sites impersonated by phishing sites or cybercriminals are Facebook, Microsoft, Apple, Google, PayPal and DropBox. 
  • The top five kinds of websites impersonated by phishing sites are crypto exchanges (55%), gaming (50%), web email (40%), financial institutions (40%) and payment services (32%).

Malware targeting Windows 7 increased by 125%. 

  • 93.6% of malware seen was unique to a single PC – the highest rate ever observed.
  • 85% of threats hide in one of four locations: %temp%, %appdata%, %cache%, and %windir%, with more than half of threats (54.4%) on business PCs hiding in %temp% folders. This risk can be easily mitigated by setting a Windows policy to disallow programs from running from the temp directory. 
  • IP addresses associated with Windows exploits grew by 360%, with the majority of exploits targeting out-of-date operating systems. 

  Consumer PCs remain nearly twice as likely to get infected as business PCs.   

  • The data reveals that regions most likely to be infected also have the highest rates of using older operating systems.
  •  Of the infected consumer devices, more than 35% were infected more than three times, and nearly 10% encountered six or more infections.
  • The continued insecurity of consumer PCs underscores the risk companies face in allowing employees to connect to business networks from their personal devices. 


The report is derived from metrics captured and analysed by Webroot’s advanced, cloud-based machine learning architecture: the Webroot Platform.

Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More
Story image
APAC secure content management market to hit $2.2 billion by 2024
The proliferation of cloud-based deployments will largely drive this, the report says, as the COVID-19 pandemic motivates more enterprises to move their workloads to the cloud and rely more on the internet. More
Story image
Kaspersky steps in to protect automotive industry from cyber threats
The company’s TI report, previously available for a selected range of customers, is able to provide car manufacturers with in-depth analysis of industry-specific security threats.More
Story image
App security not keeping up with rapid development — Radware
“With more than 70% of respondents reporting that their production apps have already left the data centre, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.”More
Story image
Sophos unearths origin of prominent cryptominer
The cryptominer was recently discovered when attackers targeted internet-facing database servers (SQL servers), and the MrbMiner was downloaded and installed.More
Story image
Users pay with personal data - Kaspersky on WhatsApp move to share data with Facebook
"Nothing is truly free, and, unfortunately, the current business model for free services means that, essentially, we pay with our data."More