BitDam Blog

A Year-in-Review: The Top 3 Threats of 2019
Roy Rashti
Roy Rashti
3 minutes & 57 seconds read · December 9, 2019

A Year-in-Review: The Top 3 Threats of 2019

Moving into 2020, I wanted to take a look back at some of the must-know threats of 2019, which unfortunately, can pose a threat to each and every one of us. Here are the top ones.

1. Ransomware

One of the most intimidating threats out there is Ransomware. A malicious software that encrypts any data it can get a hold of, preventing access to this data until the ransom is paid. Attacker’s preferred targets for Ransomware attacks are SMBs. These organizations tend to have insufficient defensive mechanisms leaving themselves vulnerable to such attacks.


A nasty Ransomware which became very famous since its conception in 2018.

It is operated by a Russian-based hacking group called Wizard Spider, also responsible for Trickbot malware. Ryuk is a great example of a multi-stage attack, as many of its installations are done by Trickbot.

It is believed Ryuk is somewhat of an evolved form of Hermes Ransomware due to numerous similarities and characteristics.


Usually paired with Dridex/Emotet, Bitpaymer Ransomware usually targets mid-large size organizations, making it’s ransom payments relatively high.

Bitpaymer is operated by Indrik Spider, the same e-crime group that operates Dridex.

Earlier this year, DoppelPaymer was forked from Bitpaymer’s code and it appears that both malware were operating in parallel.


Notorious Gandcrab is one of the most successful RaaS (ransomware-as-a-service).

In 2019, the operators of Gandcrab declared retirement, after making over $2B in just a year and a half (for comparison – Dunkin’ Donuts gross revenue was $1.3B in 2018 with significantly larger operation costs.


2. Phishing

Generally speaking, Phishing is a form of a cyber-attack deceiving an end-user and tricks them into doing actions or providing information, they would otherwise not disclose.

These days, not a day goes by without a huge number of phishing attempts. New levels of sophistication, along with technology improvements, brought the field of phishing to a new playing field.

Business Email Compromise (BEC)

Heavily relying on social engineering, the fraudsters try to impersonate the organization’s executives into fooling employees, usually in order to have them do things benefiting the attackers, like wire transfers. Among “these phishing methods, are CEO Fraud, Attorney Impersonation, Data theft, etc.

Watering Hole Attack

The term, borrowed from the realm of animals, refers to a situation where attackers wait stealthily for the victims in a place they know their victims will end up coming to.

Attackers inject their code into a legitimate website’s code while preserving the original look and behavior of the website.

When the victim arrives at the website, the attack will execute.

This could result in leaked SSN, email addresses, passwords or even start a download of the newest version of the attackers’ botnet.

Credential Harvesting / Impersonation

In this plot, the attackers usually create a fake website with the look and feel of a popular website; Paypal, Bank of America or even Office365 login page. A link to the website is often distributed via email and, if the attack is successful, the credentials of the innocent end-user will be stored and used by the attackers for various purposes.


3. Botnets

One of the most prevalent first-stage attacks.

A Botnet is a malicious computer program, designed to be controlled by the attacker.

It can be leveraged to create a massive DDOS attack, leak sensitive information from the end-users’ computer or install the next phase of a complex Ransomware attack.


Undoubtedly, a top dog in the Botnet landscape. The US Cert states Emotet is among the most costly and destructive malware. This banking trojan is widely spread and used as an installer for malware like Dridex or Trickbot.


One of the most successful banking trojans. Often paired with Ryuk, causing destructive damage to organizations, Trickbot is massively spread through email campaigns. Trickbot is a modular malware, which means the attackers can adjust it for their needs – drop another malware, use Mimikatz and leak sensitive information from their computer.


Often used as a prior infection phase for Bitpaymer and also known as Cridex or Bugat. This malware is usually delivered via malicious VBA macros in Office documents. One of the main things Dridex does is log keystrokes, trying to find sensitive banking information in hopes to steal money from innocent victims.


The cyberthreats landscape constantly evolves. New types of attacks and implementations of existing attacks keep emerging. With attackers selling ‘Ransomware as a service’ (RAAS), combining their operations with multi-stage attacks and installing stealth Cryptomining malware, bad actors’ creativity never ceases to amaze.

To ensure that your organization is secure, try BitDam online Breach and Attack Simulation. Sign up for free and get a sense of which of the above would bypass your current security and which would be blocked if emailed to you today.

Schedule a Demo

Enter your email to get a free trial invitation