The new Webroot® 2015 Threat Brief reveals that 85,000 new malicious IPs are launched every day, and the top phishing targets are technology companies and financial institutions. Conducted by Webroot, the market leader in collective threat intelligence and smarter cybersecurity for endpoints, this year's report provides the latest cyber threat trends collected from tens of millions of users and over 30 security technology partners and shows how collective threat intelligence that is shared across users and organizations is the only winning way to fight cybercrime.
Key findings from the Webroot 2015 Threat Brief include:
- The United States accounts for 31% of malicious IP addresses, followed by China with 23% and Russia with 10%. Overall, half of malicious IP addresses are based in Asia.
- The average reputation score of all URLs is 65%. Surprisingly, some categories that might be assumed suspicious or unwanted due to their nature are relatively reputable. For example, URLs tied to Cheating (85%), Hate and Racism (82%), Violence (77%), Adult and Pornography (65%), and Nudity (65%) are relatively reputable when compared to the average scores.
- There is a 30% chance of Internet users falling for a zero-day phishing attack in the course of a year, and there was an over 50% increase in phishing activity in December 2014. This is most likely due to the holiday season.
- On average, there are nearly 900 phishing attempts detected per financial institution, but over 9,000 attempts detected per technology company. Top five technology companies impersonated by phishing sites are: Google, Apple, Yahoo, Facebook and Dropbox.
- When evaluating phishing sites by country, the United States is by far the largest host of phishing sites, with over 75% of sites being within its borders.
- On average, only 28% of apps on the Android platform were trustworthy or benign, which fell from 52% in 2013, nearly 50% were moderate or suspicious, and over 22% were unwanted or malicious. Trojans make up the vast majority of malicious threats, averaging 77% for 2014.
The Webroot 2015 Threat Brief contains insights, analysis, and information on how collective threat intelligence can protect organizations from sophisticated attacks. During 2014, Webroot found tens of millions of instances of malware and PUAs, monitored billions of IP addresses and URLs, analyzed millions of new and updated mobile apps for malicious behavior, and studied major malware trends based on data from millions of endpoints.
"Webroot has seen a continued rise in the number of malicious URLs, IP addresses, malware, and mobile applications used to enable cybercriminals to steal data, disrupt services, or cause other harm," said Hal Lonas, chief technology officer at Webroot. "With more breaches at major retailers, financial institutions and technology companies in the headlines and scores of other, smaller breaches in 2014, the trend shows no signs of slowing down. The Webroot 2015 Threat Brief highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks."
2014 also brought an increase in innovative techniques to infect PCs. Most notable was the discovery of Poweliks, a powerful Windows registry exploit, which was fully contained in the registry and did not require a file component to deliver a new infection such as crypto ransomware. Further, five unique PUA families were discovered and hundreds of variants, including widely prevalent CTB/Critroni and Cryptowall 3.0. Each family introduced new innovative social engineering techniques and complexity to the encryption process.
What can individuals and organizations do?
The data shows that organizations need to bolster their security posture with real-time, highly accurate threat intelligence to protect themselves from cybercriminal activity. This enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defense-in-depth strategy. This is crucial when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them. Individuals also need to be more vigilant than ever about the websites they visit, the URLs they follow from emails, and the applications and mobile apps that they use.
For a copy of the Webroot 2015 Threat Brief and comprehensive analysis of the report findings, visit Webroot in booth #4114 at RSA Conference 2015, held in San Francisco on April 20 - 24, 2015, or download the report online http://www.webroot.com/shared/pdf/Webroot_2015_Threat_Brief.pdf.