40% of Malicious URLs Were Found on Good Domains

Help Net Security shared an interesting statistic from the 2019 Webroot Threat Report. 40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content.

To protect users, cybersecurity solutions need URL-level visibility or, when unavailable, domain-level metrics, that accurately represent the dangers.
The report also found that while Google was the single most impersonated brand in phishing, 77% of all phishing attacks impersonated financial institutions. (The good news? After 12 months of security awareness training, end users were 70% less likely to fall for phishing attacks.)

And Windows 10 devices were "at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business."

Re:Correlation, Causation? No details at all?

[phantomfive]

Then there's this lovely quote:

After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt.

If I'd spent 12 months training users, and only saw a 70% reduction(?), I would not be bragging about my course. I would be revamping my curriculum to figure out where I went wrong.

Re:Correlation, Causation? No details at all?

[TechyImmigrant]

Where I work, they send out fake phishing emails and provide a 'report phish' button in Outlook. Reporting real ones trains the system on what to filter and failing to report fake ones trains I.T. on who needs training.

This seems pretty effective and targeted.