Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Bots Attack US Mainly During Dinnertime
Newest First  |  Oldest First  |  Threaded View
SevilC489
50%
50%
SevilC489,
User Rank: Apprentice
7/7/2014 | 9:32:37 AM
Re: Hungry Bots
why dinnertime?

is it not better if attack on all night
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
4/23/2014 | 10:42:58 AM
Re: Hungry Bots
They are both evil. That's for sure.
Drew Conry-Murray
100%
0%
Drew Conry-Murray,
User Rank: Ninja
4/23/2014 | 10:42:12 AM
Re: Hungry Bots
Bots and telemarketers both strike at dinnertime? Maybe they're run by the same organizations.  : )
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
4/23/2014 | 7:52:45 AM
Re: Hungry Bots
I thought the same thing about time zones, Robert. In the Internet, there probably is never a time when no one is looking, but it makes sense that attackers would optimize their strategy in that way.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
4/23/2014 | 6:51:49 AM
Re: Hungry Bots
That makes sense, mirroring the way special forces units will often launch raids in the early hours of the morning - catching your enemy unawares. 

However I think it's no-coincidence, as you say, that China and Russia are just starting business when these attacks happen. Especially if the rumours surrounding the autonomous PLA Unit 61398 are true.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
4/23/2014 | 2:19:37 AM
Re: Hungry Bots
It's a good time to take the defense by surprise ... nothing more, but we have to consider that it is just a tentative. I have found very interesting the data on bad bot originator by country, in particular by the ranking of China, India and Russia ... the report explicititly mention the Internet exchange points as motivation ... but I think that there is something else.

 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
4/22/2014 | 9:59:03 PM
Re: Hungry Bots
I agree with the logic of launching attacks when no one is looking as well.  However, it also corresponds to the start of the business day in countries such as China, where many attacks originate.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
4/22/2014 | 3:53:30 PM
Re: Hungry Bots
Good question, Marilyn. The report attributes it to the attackers waiting for most IT and web security pros to leave the office for the day--kind of like how many attacks occur after hours or on weekends, when the security team is at skeletal numbers. 

 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
4/22/2014 | 3:48:45 PM
Hungry Bots
Interesting about the timing around dinner time. Is there a theory about why then? Or just coincidence? 


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1074
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system access may replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or...
CVE-2021-1075
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of se...
CVE-2021-1076
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
CVE-2021-1077
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
CVE-2021-1078
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.