InfoGuard Cyber Security and Cyber Defence Blog

The year of Emotet, Ryuk & co. – our look back over cyber security in 2019

Written by Michelle Gehri | 07 Jan 2020

2019 was an eventful year for cyber security, and our teams were kept pretty busy. It's no wonder that it flew by in a flash! What does your review of the year look like? It wasn't just our cyber security and cyber defence specialists who had a lot to do. Our marketing department was also very busy, among other things with our weekly blog, which was visited by over 30,000 (!) people this year. In our final cyber security review of 2019, you can read about the topics that interested and concerned our blog readers the most.

Let's get right to the point: the competition for the top positions was neck-and-neck. But as you can already guess from the title, unsurprisingly, the top themes were all about the cyberattacks that are currently able to silently infiltrate the network and then suddenly strike – chiefly malware like Emotet, Trickbot and Ryuk.

1st place: Emotet discovers dynamite phishing

The article that got the most clicks was "Dynamite phishing – Emotet can forge e-mails almost perfectly". In this article, Stefan Rothenbühler, our Senior Cyber Security Analyst, explained how perfectly and dangerously the Emotet Trojan forges e-mails; a process which, incidentally, still works like clockwork. Do you even know what dynamite phishing is and how it works, and of course, how to protect yourself from it? You can find out in our top scoring article!

By the way, due to the increasing number of incidents our cyber security experts have created a poster on the subject of phishing. In it, you will find a clear overview of the most important insider tricks for exposing phishing mails. Download it now for free!

2nd place: the wave of cyberattacks begins

Second place goes to the article featuring a video, entitled "Warning: targeted attacks on Swiss companies", by our Head of Investigation & Intelligence, Mathias Fuchs. In this article, he described not only the malware that strikes most often, but also the detailed procedures used by cybercriminals. Blog articles like these are not only popular; we believe they are also important to warn you, our readers. Of course, Mathias was also able to give you tips and tricks to avoid falling into the trap set by Emotet, Trickbot, Ryuk & co. However, the other blog posts that made it onto the winners' podium make it clear that the wave was (or is) far from being over and done with.

3rd place: even Microsoft is not immune to security loopholes

Remember the WannaCry ransomware that caused so many sleepless nights in 2017? Last May, there was a similar scenario that threatened to repeat itself due to a security hole in Microsoft RDP servers. The potential risk was huge, with almost 4,000,000 RDP servers exposed worldwide! Our most important message at the time was to make yourself as secure as you can as quickly as possible, and to do so our cyber security experts provided all the information and links you needed. Our readers obviously appreciated this very much, and this is what catapulted the article entitled "Microsoft RDP affected by serious security vulnerability" into third place.

More background information and recommendations on how to use RDP can be found in the follow-up article on Microsoft RDP, written when the system had another serious vulnerability.

4th place: Emotet, Trickbot and Ryuk – a highly explosive malware cocktail

Of course, our Top 5 also has to include the article about the malware trio Emotet, Trickbot and Ryuk. Stefan Rothenbühler and his team explained step by step how the attackers proceed and what function each piece of malware has, and again gave tips for systematic protection.

To make the scenario a little more vivid, our cyber defence specialists told a four-part story on our blog during Advent of how an attack by the malware triumvirate can unfold in practice – from the original phishing e-mail to the ransom demand to the result of the cyberattack. But you will only find out how it ends if you read the whole story...

5th place: WhatsApp – the risk in our trouser pocket!

The article entitled "WhatsApp, Mobile E-Banking & co. – how to play it safe" comes in at the bottom of our Top 5. Why has this article been read so often? Again, unfortunately, because of a security loophole that created some commotion in May. This time, however, it wasn't just companies that were affected; it was mainly private users, clearly demonstrating that cyber security has become part of everyday life and that we are also affected as private individuals.

In the blog post, our cyber security experts explained how the hackers went about it, what measures you should take in the event of an incident like this, and gave you some practical tips to protect yourself and your smartphone from cyberattacks.

365 days of cyber security – a look backwards and ahead

As you can see, 2019 was another year filled with vulnerabilities and malware. But you were also interested in other issues such as cloud security, incident response, cyber supply chain risk management, security awareness (above all phishing) and many more. What's coming up next? Well, we’ll let that be a surprise – the main thing is to make sure that you are well prepared! By the way, our partner Sophos' Threat Report 2020 provides a glimpse into the "cyber crystal ball". You can find the summary and the complete report here.

What would you like us to cover in the coming year? What subjects would you like to read more about? We look forward to your comments and we hope that we can count you among our loyal readership in the New Year too!

Prevention and reaction go hand in hand

In 2020, don't forget that nobody can be 100 % protected against cyber-attacks – particularly in the highly dynamic cyber world. That's why we advise you to take the greatest possible care well in advance, starting with the "human" security risk. Did you know that more than 99 (!) % of all attacks are down to human interaction? By taking the right security awareness measures, you can train your employees in the day-to-day handling of security risks and make them aware of the dangers. You can find out more about security awareness, social engineering, phishing and the measures that can be taken here:



And if an incident does occur, it is better to find a suitable partner today than tomorrow. Here, the InfoGuard Incident Response Retainer is the ideal solution for acting quickly, efficiently and effectively in an emergency situation. You can find more information about it here: