Threat actors are increasingly combining the exfiltration of sensitive data and encryption as new levers to compel victims to pay. The top threats for fall 2019 remained Trickbot and Ryuk. The number of engagements closed out was around the same as the previous quarter. Phishing remained the top infection vector. We observed an uptick in web application exploitation, a website defacement incident, and some new evasive tactics. We did not observe any incidents related to illicit mining, though there was a reemergence in the winter.”]
Source: https://blog.talosintelligence.com/2020/02/quarterly-report-IR-Q4-2019.html

