I'm sorry, I can't seem to find any references to driveby exploits in that report. I see many mentions of malicious office documents with downloader macros and similar attacks that certainly happen regularly today.

I do not see any mentions of attacks fitting the driveby pattern you described earlier. I am aware such targetted attacks do exists, but they're extremely rare these days compared to a few years back.

Almost all attacks today rely on social engineering to trick the victim into handing out their credentials or opening a malicious file, not a link.

I literally just got a call about someone being hit. The avenues used to penetrate are email spam and RDP.

They're less rare because they've almost completely replaced the attacks I described as "very unlikely".

In 2019 it's extremely rare that anyone gets owned just by clicking a link, we've moved very far from that.