45% of businesses and 52% of consumers suffered at least one sustained additional infection on average in May 2021, according to the Webroot Brightcloud Mid-Year Threat Report.
The report found that May 2021 was a record month, with a 440% increase for the largest spike in phishing attacks in a single month.
Large organisations have continued to suffer from extortion and ransomware, with financial organisations being a primary target. PayPal accounted for 1% of the top 200 phished brands in May, seeing a 1,834% spike. Technology supply chains are also a popular target, suffering malware infections 57% higher than the global average.
“People aren’t learning from their cyber mistakes, and more concerning, they aren’t equipped with knowledge on how to prevent repeat mistakes,” said Grayson Milbourne, Security Intelligence Director at Webroot. “Organizations must take ownership of the issue and do all they can in leading their people to improve security awareness, knowledge and habits.”
Phishing attacks are increasingly targeting crypto exchanges and wallets, according to the report. Webroot found a 75% increase in Coinbase phishing pages using HTTPS immediately after Coinbase’s IPO. Cryptojacking also remains active, but has declined since March 2020, which has been attributed to the end of several crypto mining operations, including Minr, XMROmine and JSECoin. Cryptojacking activity saw a 39% decline by the end of June 2021.
“Cryptocurrency is like leaving behind digital breadcrumbs on blockchain, and while cryptojacking in the browser is dead, crypto mining using applications is still very profitable and might yield a higher reward over time than a ransomware demand,” said David Dufour, Webroot’s Vice President of Engineering.