The Cybersecurity Landscape in 2019

Speaking of 2019, it seems that ransomware attacks are decreasing in occurrences, attackers preferring to turn their attention to other types of attacks such as cryptojacking or formjacking, which allow them to make more money in an easier and more stable way.

Even though some of the threats are often targeting organizations and not consumers, individuals should also be interested in these incidents. As a consumer, you give your personal data and credit card information to various companies and, if it should happen so those businesses get attacked, their data breach could put your personal data at the risk of becoming public or used for fraudulent activities.

To get a better idea of the scene of cybersecurity in 2019 and how the threats evolved since the previous year, let's take a dive into the reports created by security experts.

• 1 in 10 URLs is malicious.
• Formjacking attacks skyrocketed, with more than 4.800 of websites being compromised each month. Symantec blocked 3.7 formjacking attacks in 2018, around 1 million only in the last 2 months of the year. (Symantec)
• Cryptojacking was still dominant in 2018, Symantec blocking around 69 million cryptojacking events in 2018, compared to 16 million in 2017. (Symantec)
• Cryptojacking attacks volume is tied to the value of cryptocurency. When cryptocurency values have fallen, so was the number of cryptocurecy event, many attackers turning their attention towards more profitable types of attacks such as formjacking. (Symantec)
• In 2018, the majority of cryptojacking attacks continued to come from browser-based coinminners, even though there were also incidents when attackers targeted enterprises with the WannaMine cryptojacking script. (Symantec)
• 2018 was the first year to see a decrease in ransomware attacks since 2013. The number of ransomware infections to endpoints dropped by 20%. (Symantec)
• In previous years, ransomware attacks used to target mostly consumers. In 2017, the balance shifted towards enterprises and, in 2018, it increased to the point where 81% of ransomware infections were deployed on enterprises. (Symantec)
• Ransomware attacks on consumers are decreasing because more consumers nowadays use mobile devices and have their data backed up into the cloud, so there is not much loss if an attacker destroys what's on the device itself. (Symantec)
• Almost half of all malicious email attachments in 2018 are Microsoft Office files, increasing from just 5% in 2017. (Symantec)
• Attacks that exploit third-party services and software to compromise a final target increased by 78% in 2018. These attacks include formjacking, hijacking software updates and injecting malicious code into legitimate software. (Symantec)
• Targeted attacks are increasing. The 20 most active cybercriminal groups targeted an average of 55 organizations in 2018, compared to 42 between 2015 and 2017. (Symantec)
• Attacks targeting people involved in state-sponsored espionage increased from 4 in 2017 and 5 in 2016 to 49 in 2018. (Symantec)
• Internet of Things (IoT) attacks remained high and consistent in 2018, the most infected devices being routers (75%) and connected cameras (15%). (Symantec)

• 55% of emails received in 2018 have been categorized as spam, spam continues to increase like it did every year since 2015. (Symantec)
• In 2018, attackers used mostly malicious email attachments so there has been a drop in malicious URLs, accounting for 7.8% in 2018. (Symantec)

• Most targeted organizations in 2018, by industry, were finance (18%), education (13%), health (11%), pharmaceutical (9%), IT (6%). (Source)
• There has been an increase in phishing attacks, using a compromised email to send phishing emails to other employees in the organization. (Source)
• When an email in an organization gets compromised, it can be leveraged to bypass multi-factor authentication, including email-based, SMS-based, and software-based tokens. (Source)
• The chances of an organization to be retargeted by the attackers are increasing. In 2017, 56% of previously breached organizations have been retargeted. In 2018, the number grew to 64%. (Source)
• New APT (advanced persistent threat) groups have been detected in 2018, evolving especially in North Korea, China, Russia, and Iran. (Source)
• Dwell times have decreased significantly, from an average dwell time of 416 days in 2011 to 78 days in 2018, which means organizations have seen an improvement in detecting data breaches. (Source)
• By the decrease in dwell times, it's fair to assume that organizations take investing in effective security measures more seriously, implementing more efficient detection and remediation strategies. (Source)
• Many attacks are notified to the organizations by external sources rather than being discovered internally. Still, it seems that 60% of compromises were detected internally in 2018, compared to 31% in 2014. (Source)

• 56% of organizations have experienced a significant security event in the past year. (Cisco)
• 94% of organizations are aware that they have further to go to implement effective security. (Cisco)
• 43% of organizations admit they have to sometimes take shortcuts to deal with security issues. (Cisco)
• 95% of organizations said they can identify which systems and data within their organization require the most protection. (Cisco)
• Only 11% of mid-level organizations spend at least $1 million annually on security, 46% spend less than $250.000, and 43% spend between $250.000 and $1 million. (Cisco)
• 57% of enterprise organizations spend $250.000 - $1 million on security, 20% spend $1 million, and 23% spend less than $250.000. (Cisco)
• 50% of large organizations spend at least $1 million on security annually, while 43% spend $250.000 - $1 million, and 7% spend less than $250.000. (Cisco)
• 84% of organizations say that they are able to afford some, but not all, of the minimum amount of security they need, enterprise organizations struggling the most. (Cisco)
• 34% of the organizations say they are learning about vulnerabilities and incidents that affect their organization from the news. (Cisco)
• The top security technologies used by organizations are firewalls, email security, network malware protection, cloud threat and workload protection, data loss prevention, encryption, VPN, and secure internet/web gateway. (Cisco)
• Ransomware is not the king of the threats landscape anymore, ransomware incidents dropping in 2018 in favor of more profitable types of attacks such as cryptomining. (Cisco)
• Email is the number one vector for malware distribution (92%) and phishing (96%).
• In a test conducted in 2018, 62% of the phishing simulation campaigns captured at least one set of user credentials. Of all the recipients, almost 25% clicked on the phishing link in the email and half of them entered credentials into the fake websites, which shows many people still fall prey to such attacks. (Cisco)
• Most malware is delivered through emails as attachments. The most common malicious attachments files are Office (42.8%), archive (31.2%), script (14.1%), and PDF (9.9%). (Cisco)

• Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries across the globe. (Source)
• Attempted infections by malware designed to steal money via online access to bank accounts were logged on the computers of 243,604 users. (Source)
• The Ascub Trojan made several large-scale distribution attempts, reaching 13.000 users per day. (Source)
• In the first quarter of 2019, Kasperky Lab detected 905.174 malicious installation packages, 95.845 packages down on the previous quarter. (Source)
• The most common mobile apps by type are RiskTool (48.59%), Trojan (16.6%), Trojan-Dropper (11.04%), AdWare (8.32%), and Trojan-SMS (5.74%). (Source)

• The countries that have seen the most attacks are Pakistan (3.54%), Iran (31.55%), Bangladesh (28.38%), Algeria (24.03%), Nigeria (22.59%), and India (24.53%). (Source)
• In the first quarter of 2019, there have been 27.928 mobile ransomware installation packages, 3.900 more than in the previous quarter. The top targeted countries were the US, Kazakhstan, and Iran. (Source)
• With all of this information at hand, we can draw the conclusion that being aware of the landscape of cybersecurity is important for both businesses and consumers. (Source)
• Security threats won't go away anytime soon. While some types of attacks have seen a decrease in incidents over the past year, there are new types of attacks that are taking up the spotlight. While security technology is becoming more advanced and efficient, so are cybercriminals' way of operating. (Source)