Complete I.T. Blog

Webroot’s Cybersecurity Report Summary – Blog

by | Nov 5, 2018 | Archived Articles


Our Cyber security partners Webroot released their cybersecurity report a few weeks back – this report summarises Webroot’s discoveries and analysis of threat activity over the last year. Here at Complete I.T. we know you are busy scaling your businesses, so we have condensed the 24 page report into today’s blog post. Don’t fancy digesting words? See our infographic instead

The importance of updating operating systems:

A common theme in the report is the importance of adopting the latest operating systems. Home users are adopting Windows 10 at rapid pace, but on the other side of the table businesses are making the move at a much slower pace – in 2017 only 20% of observed business computers were running the Windows 10 operating system. Organisations operating on Windows 7, which remains the second most common operating system seen by Webroot, are encountering almost twice as much risk as those organisations who are running Windows 10. Do you remember the breakout of the WannaCry ransomware attack in 2017? Almost all of the devices that fell victim were running Windows 7.

Ransomware and Cryptojacking:

2017 saw the rise of the two largest ransomware attacks in history – WannaCry and NotPetya. Together these pieces of ransomware infected 200,000 machines in just 24 hours. During the same year another prolific form of malware entered the world called NotPetya, with estimated damages equating to around 1.2 billion US dollars.

Cryptojacking is also gaining a lot of traction and could turn out to be much more profitable than other cyber attacks. Unlike ransomware which steals victims files and demands a ransom for them to be returned, cryptojacking steals the victims processing power to mine for cryptocurrency like Bitcoin. This method was first seen in September 2017 when CoinHive debuted JavaScript code to mine cryptocurrency Monero. CoinHive claimed it was an advert free way for website owners to generate enough income to pay for their servers and began to quickly hijack websites to host cryptojacking scripts. Since 2017 Webroot have seen more than 5,000 websites that have been compromised to mine Monero.

IP Addresses and URLs:

Each year Webroot sees tens of millions of IP addresses that are determined to be malicious – a malicious IP address could be compromised computers that send out spam, open proxies that allow anonymous traffic to pass through, or unsecured IoT devices that are part of a botnet distributing malware. Webroot categorise malicious IP addresses as spam, windows exploits, scanners, botnets, Denial of Service attack proxies, web attacks, phishing and mobile threats – 84% of malicious IPs represent spam and scanners. You might be wondering what scanners relate to; they aren’t the things you use to scan hard copy documents, but scanner attacks. During scanner attacks, hackers scan the network environment to learn its specifics – things like the software being used, the network configuration and user data – so that they can mount an attack that has been tailored to that specific environment.

Now on to URLs – thousands of new websites are created each day specifically to carry out cyberattacks. This creates an issue for organisations trying to safeguard their users against malicious sites – even when an organisations safeguarding systems identify a URL as benign, or in other words non-malicious, in a matter of minutes or hours the same site could have been compromised and now contains malicious materials. Webroot has found that certain types of sites are more likely to be high-risk or suspicious. These include business and economy, shopping, society, streaming media, and shareware and freeware sites. Those most likely to be trustworthy, based on the URLs observed by Webroot in 2017, include health and medicine, news and media, and society sites. In 2017, Webroot found that 25% of all URLs were malicious, suspicious or moderately risky.

Phishing attacks:

Webroot’s research team found phishing to be one of the most used and most successful attack vectors. Phishing attacks rely on social engineering, drawing on themes that are relevant or interesting to the targeted individual. When the victim clicks on the link or opens an infected attachment, they open their systems up to the attacker. Webroot found that most phishing sites were only online for 4-8 hours, with the shortest being online for just 15 minutes. This highlights the need for organisations to use real time anti phishing solutions that can assess a sites’ phishing status in real time. The most impersonated sites set up for a phishing attack in 2017 were Google, Microsoft, Dropbox, Facebook, PayPal and Yahoo.

Learn how we can help your business combat the threats outlined in Webroot’s report by booking a meeting with us, or learning some more about our Complete Cybersecurity package.