Annual review regarding vulnerabilities and attacks for 2019

The aim of this review is to highlight the general tendencies and threat evolution to help the community to enhance their protections.

In this report, Cert-IST analyzed the main events of 2019:

• BlueKeep: The expected attack has not (yet) arrived
• Waves of ransomwares aimed specifically at businesses and organizations
• Cybercriminal attacks return to the forefront of the news
• State attacks are still very present
• With ATT&CK and Open-CTI the analysis and response to attacks is becoming more mature
• Data leaks: 9 billion passwords, what next?

This document is available on Cert-IST public website:

• in English: Annual Report on Attacks and Vulnerabilities seen in 2019
• in French: Bilan Cert-IST 2019 des failles et attaques