Cities Under Siege: AppRiver’s Midyear Cybersecurity Report Finds Local Governments in Hackers’ Sights More Often Than Ever

July 18, 2019

Cities Under Siege: AppRiver’s Midyear Cybersecurity Report Finds Local Governments in Hackers’ Sights More Often Than Ever

GULF BREEZE, Fla. -- According to the new Mid-Year Global Security Report, released today by AppRiver, a Zix company (NASDAQ: ZIXI), cyberthreats targeting municipalities are on the rise. Through the first half of 2019, a growing number of municipalities across the US were hit with crippling ransomware attacks, while several large companies disclosed data breaches that exposed more than 625 million records. 

The report also highlighted the most prevalent attacks identified by the company during the first half of the year, including chained malware attacks, Emotet, and conversation hijacking attacks.

As these threats increased globally, AppRiver has responded by effectively defending its customers’ and partners’ email mailboxes – one of the most vulnerable cyberattack targets. During the first six months of 2019, AppRiver was successful in blocking more than 124 million emails with malware attached and more than 20 million spear phishing attacks. 


The report, based on global data compiled by AppRiver’s cybersecurity analyst team, delves into what is being considered a record year for disruptive attacks that appear to be affecting municipalities at an alarming rate. In 2018, AppRiver analysts stated that they “expect to see more disruptive cyberattack events committed by nation states that masquerade as financially motivated attacks.”

According to the report, it is still up for debate as to who or why these attacks are being launched against local governments, but they could have widespread effects beyond financial damage. For example, malware has the potential to disrupt infrastructure, spread fear and doubt, or otherwise cause discomfort for citizens dependent on city services.

“To stay one step ahead, we must look at these attacks and question if they are more than what they seem,” said Troy Gill, senior cybersecurity analyst for AppRiver. “Could these attacks be a dress rehearsal for larger scale, potentially more detrimental attacks? We don’t have the evidence to prove that yet, but we have to be prepared that it may well be the case either now or in the future.” 


So far in 2019, chained malware attacks, Emotet, and conversation hijacking attacks have continued to pad cybercriminal pockets, while keeping analysts busy blocking their attempts to reach networks.

According to the report, chained malware attacks have become more prevalent this year. Profitable and successful malware attacks have been observed chaining multiple attack strategies by sharing a single foothold into a system.

As such attacks grew in popularity, Emotet, formerly classified as a bank trojan, was reclassified as a botnet early in 2019.

Emotet can spread quickly through infected devices but has recently gained the ability to scrape the past 180 days of mail from compromised accounts, including every subfolder in the client’s interpersonal message root folder. Attackers are using this new ability to deliver malicious attachments using previous actual email conversations, a technique that unfortunately increases the perception from unknowing recipients that the message is legitimate, typically resulting in the addition of even more infected machines to the dangerous botnet.

Emotet wasn’t the only threat being seen on a large scale.

“Unfortunately, there’s also been no shortage of Conversation Hijack Attacks so far this year,” security analyst David Pickett said. “This year, encrypted ZIP files have been cyberattackers’ bread and butter. To appear more legitimate, they frequently pivot from different iterations of the attack for maximum effectiveness. These adaptations include utilizing different languages, different passwords, different file name schemes, and verbiage.”


In the first six months of 2019, AppRiver quarantined:

4 billion spam messages More than 124 million emails with malware attached More than 20 million spear phishing attacks

“As cybercriminals continue to evolve their tactics, AppRiver is committed to keeping pace,” Gill said. “So far in 2019, we’ve seen and blocked a prevalence of spam messages as well as malware attachments and spear phishing attempts, but the numbers speak for themselves – we have a proven track record in defending against some of the most common threats surrounding business communications, and we are committed to ensuring that our customers and partners remain protected at all costs.”

A full, complimentary copy of the Mid-Year Global Security Report is available to download HERE.

About AppRiver

AppRiver, a Zix company, is a channel-first provider of cloud-enabled security and productivity services, with a 4,500-strong reseller community that protects 60,000 companies worldwide against a growing list of dangerous online threats. Among the world’s top Office 365 and Secure Hosted Exchange providers, the company’s brand is built on highly effective security services backed by 24/7 white-glove Phenomenal Care® customer service. AppRiver is headquartered in Gulf Breeze, Florida and maintains offices in Georgia, Texas, New York, Canada, Switzerland, and the U.K. For more information, please visit

About Zix Corporation

Zix Corporation (Zix) is a leader in email security. Trusted by the nation’s most influential institutions in healthcare, finance and government, Zix delivers a superior experience and easy-to-use solutions for email encryption and data loss prevention, advanced threat protection, unified information archiving and bring your own device (BYOD) mobile security. Focusing on the protection of business communication, Zix enables its customers to better secure data and meet compliance needs. Zix is publicly traded on the Nasdaq Global Market under the symbol ZIXI. For more information, visit