According to the Cyberint the financial industry is the most targeted industry worldwide, accounting for more than one third of all targeted attacks, and the retail industry is the third most targeted worldwide, behind manufacturing in the Americas and government targets in APAC and EMEA.

Banking trojans top the most prevalent malware families observed during 2019, and the volume of attacks is increasing due to the sale of “As a Service” platforms allowing less sophisticated attackers access to more complex tools for as low as several US dollars a month.

Cyberint also suggests that 2020 will continue to see organisations targeted by organised cyber criminal groups or nation-state sponsored threat actors. Ecrime groups will continue to focus on big gains by going after large organisations, while nation-state actors will focus on IP theft and will continue to target utility companies and commercial or defence contractors to gain advantage and minimize R&D and manufacturing gaps among nations.

“In-depth understanding of the threat landscape and how threat actors conduct operations are key factors in helping our customers protect their businesses,” says Daniela Perlmutter, VP of Marketing for Cyberint. “Continuously monitoring threats in real time as well as investigating and tracking their TTPs and infrastructure delivers an in-depth perspective of the behaviours and motivations that is critical for threat detection and mitigation.”

While highly sophisticated organised cyber criminal groups and nation-state sponsored threat actors pose ongoing threats, less sophisticated attacks using the “as a service” platforms available in the underground economy are increasing in prevalence, becoming serious threats for enterprises.

"Cyber criminals keep using the same TTPs because they work," says Adi Peretz, Head of Research at CyberInt. “Commoditising the attack infrastructure allows less sophisticated threat actors to gain access to more effective tools and poses an increasing risk to organisations’ IT infrastructure.”

The analysis is based on the combination of data collected by CyberInt’s Argos Threat Intelligence Suite and further in-depth investigative activities by Cyberint researchers and analysts who contextualise, categorise, correlate, and enrich the intelligence data.