OpenText announces 2021 ‘Webroot BrightCloud’ threat report


OpenText announced the release of the 2021 ‘Webroot BrightCloud’ threat report. Webroot’s unparalleled sixth generation machine learning security platform provides unique data insights into the timing, tactics and technologies that threat actors used over the past year. 

Phishing activity increased significantly in the first few months of 2020, taking advantage of pandemic induced product shortages and increased usage of streaming services. For the first time, eBay topped the list of brands most targeted for impersonations, with 31.1 per cent of all phishing attacks in the month of February impersonating eBay. In March, phishing activity surged among streaming services YouTube, Netflix and Twitch.

“Gathered from over 285 million real world endpoints and sensors, and leveraging the extensive BrightCloud network of industry leading partners, this year’s threat report clearly shows how cybercriminals are willing and able to evolve their tactics to exploit collective human interest and current events,” said Prentiss Donohue, Executive Vice President, OpenText. 

“The findings underscore the need for users and businesses of all sizes to enact a multi layered approach to data security and protection given the persistent creativity of cybercriminals,” added Donohue.

Notable report findings:


  • Attacks increased 510 per cent from January to February alone
  • The top five phishing targets of the year were eBay, Apple, Microsoft, Facebook and Google
  • By the end of 2020, 54 per cent of phishing sites used HTTPs. Use of HTTPS varies considerably based on the industry being targeted and is most heavily used when spoofing cryptocurrency exchanges, ISPs and gaming.


  • 86.1 per cent of malware is unique to a single PC.
  • 83 per cent of Windows malware hides in one of four locations.
  • Consumer devices saw twice as many malware infections when compared to business devices.


The threat intelligence, trends and details presented in the 2021 ‘Webroot BrightCloud’ threat report are based on data continuously and automatically captured by the Webroot Platform, which is the proprietary machine learning based architecture that powers all Webroot protection and BrightCloud services. This data comes from over 285 million real world endpoints and sensors, specialised third-party databases, and intelligence from end users protected by our leading technology partners like Cisco, Citrix, F5 Networks and more.


Please enter your comment!
Please enter your name here