Apparently, the only time bad-guy hackers take a breather from hammering away at websites is during the World Cup final match.
That's the takeaway from new data gathered by Imperva from its customers via its threat intelligence service. It turns out that web attacks were heavier than normal during the quarterfinal and semifinal matches, but they were miniscule during the final, in which Germany beat Argentina in extra time.
Though he says he's no soccer fan, Barry Shteiman, director of security strategy for Imperva, immersed himself in the single-elimination playoff portion of the global soccer tournament in order to set the parameters for studying activity during the quarterfinal, semifinal, and final matches.
What he found after measuring attacks during a two-hour period for each match was there was nearly three times the attack volume on websites during the quarterfinals and semifinals than comparable times when no games were under way.
And during the Germany-Argentina final match, attack volume was only about 2% compared to the quarterfinal and semifinal matches.
"We were surprised. We thought that the attacks would be the same or even during the final," Shteiman says. "With a lot of attacks over the past few years... attackers [take advantage] of everyone turning from security operations to watching the game instead of the incoming attacks. They're not focused," so that's ideal time for hackers to do their dirty work.
Website attackers definitely took advantage of distracted security folk during the quarterfinal and semifinal matches. "They took advantage of them watching those matches, when they were distracted," he says. "But it appears the attackers were distracted during the final."
Also, the final was on a Sunday, which could in part account for the drop in activity, he says.
Imperva typically sees around 2,125.5 individual attacks per hour during the timeslots the games were played, along with 441 attack campaigns per hour.
There were 149 attacks during the final pregame period, 160.5 during the match itself, and 34 during the post-game timeframe. Attack campaign volumes were even lower, with 68 during the pregame, 53.5 during the match, and 22 in the post-game timeframe.
Attack activity was consistently high during the other matches in the single-elimination phase, especially during the third-place game between Brazil and the Netherlands and the lopsided Brazil-Germany semifinal, which Germany won 7-1.
Interestingly, Imperva didn't find any attacks originating from Germany or Argentina during the final match, either. A blog post with more details can be found here.