Content, Content, Networking

Cybersecurity Threat Report: Webroot’s 2018 Research Report

Credit: Getty Images

Cybercriminals are finding new tactics and ways to infiltrate systems on a daily basis. When security professionals figure out one way to prevent a breach, the criminals have already found multiple new ways to circumvent the protocols in place. Staying on top of the latest threats and tactics is essential for any MSP that wants to make sure their clients are protected.

With those realities in mind, Webroot recently released its 2018 Webroot Threat Report. It presents analysis, findings, and insights from the Webroot Threat Research team on the state of cyber threats. The company claims that the report analyzed more than 27 billion URLs, 600 million domains, 4.3 billion IP addresses, 62 million mobile apps, 15 billion file behavior records, and 52 million connected servers.

The report definitely shows that attackers are learning just as quickly as security professionals, and are finding new ways to breach networks. Some of the most common attacks were analyzed in the report, including polymorphic attacks, cryptojacking, ransomware, and phishing.

Polymorphic attacks

As security programs and professionals continue to learn how to find and detect malware, attackers are finding new ways to hide it. Polymorphic attacks can be especially difficult to combat because the signatures that can be used to identify it are constantly updating and changing. According to the report, more than 94% of all malicious executables are polymorphic. Supporting this claim is the fact that in 2017, 93% of the malware encountered was seen on only one machine, meaning the signature changed enough from machine to machine that each variant was only able to be detected once.

The report claims that upgrading all business devices to Windows 10, which offers greater security than previous versions, is a great way to combat the spread of polymorphic attacks.  According to the report, combined with advanced endpoint protection that uses behavioral analysis and machine learning, adopting Windows
10 can greatly reduce enterprises’ vulnerability to cyberattacks.


As a relatively new threat on the scene, crytpojacking is quickly becoming a very serious threat. Based on early reports, this threat is becoming quite popular because it is highly profitable and easy to implement. Instead of hijacking someone's files in exchange for money, like ransomware attacks, the attacker simply utilizes the victims CPU power to mine crytpocurrency. Since this form of attack is mostly invisible to the end user, the system could be compromised for quite some time before it is found.


Although ransomware has been around for a while, it is still an extremely popular form of attack. Just last year we witnessed the most widespread ransomware attacks to date. WannaCry and NotPetya were both extremely destructive and together they were able to infect more than 200,000 machines in more than 100 countries, all within just 24 hours.


One of the most successful phishing attacks occurred during 2017. The email that claimed to be a Google Doc from a trusted contact claimed a lot of victims. The main reason it was so successful was that it was highly targeted, and used social engineering to convince the user the email was from a legitimate source. The report from Webroot also found that almost 25% of phishing sites used IP masking, which makes it more difficult to discern the actual IP address of the domain. Another common tactic is to use benign domain names and replace a single web page with phishing content. When inserted as a disconnected, isolated page (i.e. no pages on the site point to the phishing page, nor does the phishing page point to any other pages on the site), it is nearly impossible for crawlers to detect the phishing threat.

There are several more insights into the latest threats and how to combat them within the report. You can view the report from Webroot on their website. However, they recommend, not only making sure operating systems are completely up to date, but organizations should also be using automated, real-time decisionmaking based on continuously-updated threat intelligence, contextual analysis and advanced endpoint and network protection. When coupled with strong user security training, any organization can materially reduce its exposure to unacceptable risk, according to Webroot.