
7/11/2019
12:01 PM

Summer: A Time for Vacations & Cyberattacks?

About a third of cybersecurity professionals believe that their companies see more cyberattacks during the summer, but the survey data is not convincing about the reasons behind the perceived summer bump.

Ah, summer. Sweltering days, family vacations, the annual Black Hat and DEFCON conferences, and — more cyberattacks?

In a survey published on July 11, security firm Lastline found that 58% of security professionals believe there is some seasonality in the attacks on their company, and the majority of that portion — about 52% — peg summer as the prime time for breaches. Both phishing and malware attacks are more likely to be encountered during the summer months, according to the survey of 1,000 security professionals, with 47% and 44% of respondents seeing more of each of those attacks, respectively.

The results are interesting and should raise questions for companies, says John DiLullo, CEO of Lastline.

"I don't claim to know what is going on in the cybercriminal's mind, but there is some logic to saying that I may get a higher return on my effort during the summer months, especially when my efforts are aimed at individuals," he says.

The timing of cyberattacks has been an occasional topic of researchers' investigation.

A study of 850 attacks in 2017 and 2018 against UK universities found that the attacks often corresponded to the times of the year when students were at school, suggesting that many of the attacks may be initiated by students. The study, by the Joint Information Systems Committee (JISC), found that attacks dropped off significantly during the summer, falling to an average of one attack a week during the summer months, from up to 60 a week in the fall.

Yet, the feeling among security professionals that summer is high time for sun and cyberattacks persists. A 2017 blog post by former security firm Secdo, bought by Palo Alto Networks in 2018, also argued that summer, with lower staff counts and workers connecting to unsecure Wi-Fi, continues to endanger corporate networks.

"Summer is an opportunity for hackers to take advantage of less staff on call and increased remote access combined with possible ignorance when it comes to the use of public Wi-Fi and mobile network security," the company stated in an archived blog post.

Lastline's survey sheds some light on security professionals' perceptions of the summer bump in cyberattacks. A third of respondents blamed remote working for the increase in seasonal threats, with the largest portion of security professionals — 68% — most worried about employees connecting to unsecured public Wi-Fi hotspots. Other major worries include workers clicking on phishing emails or interacting with spearphishing attacks, leaving their computers unlocked in public locations, and using unapproved applications, according to the report.

"When people are working from home or working remotely, there is a dynamic that happens that — because they are not behind that perimeter in their office, are working with public Wi-Fi providers and on personal devices — you perhaps don't have as much endpoint protection as in the office," DiLullo says.

The other common perception is that a shortage in staffing leads to a slower response time. With security staff on vacation, many companies assume that response time would be slowed. Yet Lastline's survey found the opposite — more security professionals felt that they would respond more quickly to cyberattacks during summer months. In fact, 36% of respondents thought their response to an incident is faster in the summer than other times during the year. Almost half of respondents thought it would be unchanged, and only 12% thought they would be slower.

Companies should still work to speed their response, says Lastline's DiLullo. 

"If you don't have the response process automated, and if you find yourself down 20% of your resources, you can imagine the impact that might have on your capability," he says.

Whether the perceived summer bump is supported by other data and what is behind any actual increase in attacks during the summer is unclear. In addition, the survey is not without its inconsistencies. While 53% of respondents initially answered that they did see a seasonal change, a later question — on whether they thought it was due to remote work — suggests that 74% assume there is a seasonal increase in attacks.

Lastline's DiLullo acknowledges that the survey raises more questions than it answers.

"I think it is impossible to know exactly what is at the root of this," he says. "Even the respondents didn't necessarily cite hard evidence."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

Comments
GiovanniV931,
User Rank: Author
7/14/2019 | 2:56:45 PM
Cybercrime does not sleep?
I think that cybercriminals perceive the key role that humans play in breach detection, and, therefore, feel that the probability of being detected might decrease during summer month...