2019 Internet Security Threat Report

Data for the report comes from Symantecs Global Intelligence Network, which records events from 123 million attack sensors worldwide. Data for the report comes from more than 157 countries worldwide.

The report runs to 61 pages. To save you reading through everything we’ve summarised it, picking out the most relevant and important information.


Formjacking attacks are simple and lucrative: cyber criminals load malicious code onto retailers’ websites to steal shoppers’ credit card details, with 4,800+ unique websites compromised on average every month.

Both well-known (Ticketmaster and British Airways) and small/medium businesses were attacked, conservatively yielding tens of millions of dollars last year.

Over a third of formjacking took place in the last quarter of 2018. 1.36 million attempts were blocked in that period. This shows that this activity is on the rise


Ransomware and cryptojacking are the traditional go-to moneymakers for cyber criminals. But 2018 brought diminishing returns, resulting in lower activity. For the first time since 2013, ransomware declined, down 20 percent overall, but up 12 percent for enterprises.

With a 90 percent plunge in the value of cryptocurrencies, cryptojacking fell 52 percent in 2018. Still, cryptojacking remains popular due to a low barrier of entry and minimal overhead.

Targeted Attacks

Supply chain and Living-off-the-Land (LotL) attacks are now a cybercrime mainstay: supply chain attacks ballooned by 78 percent in 2018.

Living-off-the-land techniques allow attackers to hide inside legitimate processes. For example, the use of malicious PowerShell scripts increased by 1,000 percent last year.

Attackers also increased their use of tried-and-true methods like spear phishing to infiltrate organisations. The most likely reason for an organisation to experience a targeted attack was intelligence gathering. This was the motive for 96 percent of groups.

Nearly one in ten targeted attack groups now use malware to destroy and disrupt business operations. This is a 25 percent increase from the previous year. One stark example is Shamoon – which notably re-emerged after a two-year absence, deploying wiping malware to delete files on computers of targeted organisations in the Middle East.


In 2018, employees of small organisations were more likely to be hit by email threats—including spam, phishing, and email malware—than those in large organisations. Spam levels continued to increase in 2018, as they have done every year since 2015. 55 percent of emails received in 2018 were categorised as spam. Meanwhile, the email malware rate remained stable. Phishing levels declined, dropping from 1 in 2,995 emails in 2017, to 1 in 3,207 emails in 2018. The phishing rate has declined every year for the last four years.

Fewer URLs were used in malicious emails as attackers refocused on using malicious email attachments as a primary infection vector. The use of malicious URLs in emails had jumped to 12.3 percent in 2017. But in 2018 it dropped back to 7.8 percent. Symantec telemetry shows that Microsoft Office users are the most at risk of falling victim to email-based malware. Office files accounted for 48 percent of malicious email attachments. This is up from 5 percent in 2017.


A single misconfigured cloud workload or storage instance could cost an organisation millions or cause a compliance nightmare. In 2018, more than 70 million records were stolen or leaked from poorly configured S3 buckets. Off-the-shelf tools on the web allow attackers to identify misconfigured cloud resources.

Hardware chip vulnerabilities, including Meltdown, Spectre, and Foreshadow allow intruders to access companies’ protected memory spaces on cloud services hosted on the same physical server. Successful exploitation provides access to memory locations that are normally forbidden.

This is particularly problematic for cloud services because while cloud instances have their own virtual processors, they share pools of memory. This means that a successful attack on a single physical system could result in data being leaked from several cloud instances.

Internet of Things

Your favourite IoT device is an attacker’s best friend. After a massive increase in Internet of Things (IoT) attacks in 2017, attack numbers stabilised in 2018.

Although routers and connected cameras make up 90 percent of infected devices, almost every IoT device is vulnerable, from smart light bulbs to voice assistants. Targeted attack groups increasingly focus on IoT as a soft entry point, where they can destroy or wipe a device, steal credentials and data, and intercept SCADA communications.

Get Your Cyber Security up to scratch

Good cyber security is vital for business of all sizes.

We’ll carry out a FREE cyber security check up which will highlight any areas of concern and is based on the Cyber Essentials standard.

The check up will help you to identify where any weaknesses are in your current cyber security arrangements. We’ll also suggest where improvements can be made.

If you would like a FREE cyber security check up call us on 0115 822 0200 or complete the Contact Form on our website and we’ll call you back.

If you would like to read the entire report please visit