Skip to content Skip to footer

2020 Webroot Threat Report: phishing attempts grew by 640% in 2019

The 2020 Webroot Threat Report, commissioned by OpenText, estimates that there was a 640% increase in phishing attempts and a 125% increase in malware targeting Windows 7 in 2019. The report is derived from metrics captured and analyzed by Webroot’s, cloud-based machine learning architecture: the Webroot Platform.

The report analysed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records. The statistics presented in this annual threat report are derived from metrics automatically captured and analyzed by the Webroot Platform, OpenText’s cloud-based machine learning architecture. 

“In the cybersecurity industry the only certainty is that there is no certainty, and there is no single silver bullet solution,” said Hal Lonas, senior vice president and CTO, SMB and Consumer, OpenText. 

“The findings from this year’s report underline why it’s critical that businesses and users of all sizes, ensure they’re not only protecting their data but also preparing for future attacks by taking simple steps toward cyber resilience through a defense-in-depth approach that addresses user behavior and the best protection for network and endpoints.” 

Notable findings in the 2020 report include: 


  • Phishing URLs encountered grew by 640% in 2019.
    • 1 in 4 malicious URLs is hosted on an otherwise non-malicious domain.
    • 8.9 million URLs were found hosting a cryptojacking script.
    • The top sites impersonated by phishing sites or cybercriminals are Facebook, Microsoft, Apple, Google, PayPal and DropBox.
    • The top five kinds of websites impersonated by phishing sites are crypto exchanges (55%), gaming (50%), web email (40%), financial institutions (40%) and payment services (32%).
  • Malware targeting Windows 7 increased by 125%.
    • 93.6% of malware seen was unique to a single PC – the highest rate ever observed.
    • 85% of threats hide in one of four locations: %temp%, %appdata%, %cache%, and %windir%, with more than half of threats (54.4%) on business PCs hiding in %temp% folders. This risk can be easily mitigated by setting a Windows policy to disallow programs from running from the temp directory.
    • IP addresses associated with Windows exploits grew by 360%, with the majority of exploits targeting out-of-date operating systems.
  • Consumer PCs remain nearly twice as likely to get infected as business PCs.  
    • The data reveals that regions most likely to be infected also have the highest rates of using older operating systems.
    • Of the infected consumer devices, more than 35% were infected more than three times, and nearly 10% encountered six or more infections.
    • The continued insecurity of consumer PCs underscore the risk companies face in allowing employees to connect to business networks from their personal devices.
  • Trojans and malware accounted for 91.8% of Android threats.


You may also like

Stay In The Know

Get the Data Centre Review Newsletter direct to your inbox.