A  new report -- Webroot® Threat Report: Mid-Year Update -- has found that one in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows® 7 and exploits have grown 75 percent since January 2019. 

According to the report,

  • Hackers are using trusted domains and HTTPS to trick victims.
    • Nearly a quarter (24 percent) of malicious URLs were found to be hosted on trusted domains, as hackers know trusted domain URLs raise less suspicion among users and are more difficult for security measures to block.
    • 1 in 50 URLs (1.9 percent) were found to be malicious, which is high, the report says, given that nearly a third (33 percent) of office workers click more than 25 work-related links per day.
    • Nearly a third (29 percent) of detected phishing web pages use HTTPS as a method to trick users into believing they're on a trusted site via the padlock symbol.
       
  • Phishing continued rapid growth into 2019, and criminals are expanding their phishing targets.
    • Phishing grew rapidly, with a 400-percent increase in URLs discovered from January to July 2019.
    • The top industries impersonated by phishing include:
      • 25 percent are SaaS/Webmail providers
      • 19 percent are financial institutions
      • 16 percent are social media
      • 14 percent are retail
      • 11 percent are file hosting
      • Eight percent are payment services companies
         
  • Phishing lures are becoming increasingly personalized as more PII is collected from breaches.
    • Phished passwords are used for more than account takeover. Specifically: extortion emails are being used, claiming the user has been caught doing something embarrassing or damaging that will be shared with colleagues, friends and family unless a ransom is paid, says the results. 
    • Phishing doesn't always target usernames and passwords. The attacks also go after secret questions and their answers, says the report.
       
  • Windows 7 is becoming even riskier, with infections increasing by 71 percent.
    • Between January and June, the number of IPs that host Windows exploits grew 75 percent
    • Malware samples seen on only one PC are at 95.2 percent, up from 91.9 percent in 2018
    • Out of all infected PCs, 64 percent were home user machines, and 36 percent were business devices.