Webroot Finds Windows® 7 is Becoming Even Riskier, Infections up by 71%

Also, Phishing Attempts Seen by Webroot Increased by 400%

BROOMFIELD - October 8, 2019

Webroot, a Carbonite (NASDAQ: CARB) company, shared the results of its Webroot® Threat Report: Mid-Year Update, which explores the evolving cybersecurity landscape. Based on trends observed in the first half of 2019, Webroot found that 1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows® 7 exploits have grown 75% since January. This report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover.

Explore the Webroot Threat Report: Mid-Year Update

Key Report Findings:

  • Hackers are using trusted domains and HTTPS to trick victims.
    • Nearly a quarter (24%) of malicious URLs were found to be hosted on trusted domains, as hackers know trusted domain URLs raise less suspicion among users and are more difficult for security measures to block.
    • 1 in 50 URLs (1.9%) were found to be malicious, which is high given that nearly a third (33%) of office workers click more than 25 work-related links per day.
    • Nearly a third (29%) of detected phishing web pages use HTTPS as a method to trick users into believing they’re on a trusted site via the padlock symbol.
  • Phishing continued rapid growth into 2019, and criminals are expanding their phishing targets.
    • Phishing grew rapidly, with a 400% increase in URLs discovered from January to July 2019.
    • The top industries impersonated by phishing include
      • 25% are SaaS/Webmail providers
      • 19% are financial institutions
      • 16% social media
      • 14% retail
      • 11% file hosting
      • 8% payment services companies
  • Phishing lures are becoming increasingly personalized as more PII is collected from breaches.
    • Phished passwords are used for more than account takeover, specifically: extortion emails claiming they’ve been caught doing something embarrassing or damaging that will be shared with colleagues, friends and family unless a ransom is paid.
    • Phishing doesn't always target usernames and passwords. These attacks also go after secret questions and their answers.
  • Windows 7 is becoming even riskier, with infections increasing by 71%.
    • Between January and June, the number of IPs that host Windows exploits grew 75%
    • Over 75% of malware on Windows systems hides in one of three places:
      • 41% in %temp%, 24% in %appdata% and 11% in %cache%.
      • Businesses can easily set policies to restrict execution of any application from the %temp% and %cache% locations, preventing more than 50% of infections
    • Malware samples seen on only one PC are at 95.2%, up from 91.9% in 2018
    • Out of all infected PCs, 64% were home user machines, and 36% were business devices, likely because home users aren’t protected by corporate firewalls and security policies and may not be updated as regularly.

Key Quotes:

Tyler Moffitt, Senior Threat Research Analyst, Webroot

We are beginning to see hackers create more personalized phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate. These tactics take advantage of familiarity and context, and result in unwarranted trust. Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”

Additional Resources


The Mid-Year Update is an extension of the annual Webroot Threat Report, which examines emerging threats and cybercrime trends from the previous year, and shares perspectives and predictions for the future.

About Webroot

Webroot, a Carbonite company, harnesses the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We provide endpoint protection, network protection, and security awareness training solutions purpose built for managed service providers and small businesses. Webroot BrightCloud® Threat Intelligence Services are used by market leading companies like Cisco, F5 Networks, Citrix, Aruba, Palo Alto Networks, A10 Networks, and more. Leveraging the power of machine learning to protect millions of businesses and individuals, Webroot secures the connected world. Webroot operates globally across North America, Europe, Australia and Asia. Discover Smarter Cybersecurity® solutions at webroot.com.

Social Media: Twitter | LinkedIn YouTube | Facebook

About Carbonite

Carbonite provides a robust data protection platform for businesses, including backup, disaster recovery, high availability and workload migration technology. The Carbonite data protection platform supports businesses on a global scale with secure cloud infrastructure. To learn more, visit www.carbonite.com and follow us on Twitter at @Carbonite.

Carbonite, Inc. serves customers through three brands: Carbonite data protection, Webroot cybersecurity, and MailStore email archiving.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.