Attackers target default or easily-guessed usernames and passwords to breach enterprise defences. Increasing complexity and attack surface expansion compounded by cloud, IoT, and network segmentation also a problem. WordPress was by far the most exploited content management system, with Joomla a distant second. Malware continued to dominate over 2016 but there were a few months namely June, July, and August 2016 during which ransomware phishing appeared to have outpaced conventional malware phishing. Adobe updates were found to be the most prevalent drive-by updates for delivering malware or phishing attacks.”]