Two new research reports indicate that threat actors mostly rely on traditional techniques, including phishing and credential stuffing, to target organizations. Trend Micro’s yearly security report for 2018 shows that the company detected 82% more phishing URLs in 2018 than it did the year before.
The other report, a Rapid7 overview of the last quarter of 2018, found that the most common attack detected by organizations was suspicious login attempts, such as those used in credential stuffing attacks were threat actors try to gain access to user accounts by trying out stolen or leaked account information for other companies.
Another striking finding of the Trend Micro report is that old threats for which security patches have been released long ago, are still making new victims. The infamous WannaCry ransomware is the most notable example. According to Jon Clay of Trend Micro: “WannaCry is one of the top malware we are seeing every month detected through our sensors, mainly because it is a worm, and it tries to spread itself all the time.”
Read more: Attackers Continue to Focus on Users, Well-Worn Techniques