When it comes to the threat landscape, it’s important to take a look in the rearview mirror once in a while. As with driving, not only do you get a good look at what’s behind you, but you can often spot what’s coming up quick, set to overtake you. That’s the spirit of this threat report. We’ve picked out five key stories from the last year or so, not just because they were big events, but because we think these threats, or similar ones, could very well appear in the near future. Take modular threats like Emotet and VPNFilter, for example. These are threats that can deliver an on-demand menu of attacks and threats, depending on which device is infected or the intended goal of the attacker. We saw plenty of such modular threats in recent history, and wouldn’t be surprised if we see more in the future. Email remains the darling delivery method of attackers, with threats from cryptomining to Emotet using it to spread. It’s also highly likely that other threats, such as unauthorized MDM profile, used it too. This highlights how critical it is to keep a close eye on what is coming in through your mailbox. Modus operandi Revenue generation continues to be a primary motivation for attackers: malware follows the money. Cryptomining threats, for instance, are laser-focused on this goal. Meanwhile, Emotet has pivoted to a threat distribution network, capitalizing on a variety of options to make money.