If you follow my postings on all things malicious, which unfortunately have become a dominant subject in recent weeks, you are aware of my delight in gleaning new insights from subject matter experts. In perusing the now almost daily flow of information on bad guy activities—who they are attacking, the impact, user reactions, estimated cost of being out of service, tools of mayhem being employed, frequency and sophistication, recommended defenses, etc.—it got me to wondering if there were any days when certain entities and assets were most vulnerable to being attacked.
It is easy to understand attacks. This is especially true of pernicious denial of service attacks (DoS), of either the straight or the even more malevolent distributed (DDoS) kind, which are aimed to shutting down things like retailers, government agencies, and media outlets. In fact, the picture tends to become very clear when the perpetrators gloat about their exploits. However, such attacks seem random in terms of timing. Some of this is likely because of when and how they are reported including the fact that such attacks can go undetected for long periods of time, and or are not serious enough to do anything except make the Internet seem slow and thus make those under attack shy about reporting them.
With this question my “inquiring minds want to know” list, I was intrigued by recent research from applications delivery and security company Radware. Timed wisely to be just in front of the painful 9/11 date here in the U.S., which has been a date now saturated with rumors about coordinated attacks from the Middle East, Radware’s analysis revealed there is a direct correlation between important dates and increases in DoS attacks.
The most significant ones actually are kind of obvious due to the nature of the dates and hence who would be targeted. The top ones are in no rank order:
- September 11
- Memorial Day
- Election Day
- Independence Day
- Black Friday (the Friday after Thanksgiving, which marks the start of the Christmas Shopping season)
- Cyber Monday (the first Monday that follows Black Friday)
- Other transactional heavy days such as the days just prior to Mother’s Day and Father’s Day
Hackers also like to obviously disrupt specific business sectors based on contextual awareness and thus use the big shopping dates to target retailers, and credit card companies, for example.
Just as an aside, comedian Woody Allen once remarked about his being highly disturbed in August in New York because that was when all the psychiatrists were on vacation. Based on observation as to why industry events in the U.S. are not held in August, and I am not saying this as encouragement to the hackers, that month seems to be one when the troops and not necessarily the generals are manning the barricades.
"Timing is an extremely influential risk-factor for cyber attacks throughout the year," said Carl Herberger, vice president of security solutions for Radware. "Hackers capitalize on overwhelming their target's environment on days of great importance and look to exploit vulnerabilities that cause the most detriment. Because these types of assaults show no signs of slowing, it's crucial that businesses implement anticipatory security measures in preparation of these peak times so that networks and data centers are able to properly detect and defend against sophisticated threats."
Based on the fact that we are heading into what could be characterized as a “target rich” time of the year for dates on which to perform one or both type of mayhem, Radware says the correlation not only should be taken seriously but should be dealt with proactively with a sense of urgency.
The company is therefore recommending five foundational and common sense steps that can be taken immediately by network administrators and security professionals to defend and prepare their networks during these at-risk times of the year:
- Identify High-risk Dates: Businesses should recognize which times of the year present excessive levels of risk for them based on contextual awareness and develop strategic plans to mitigate issues in the event of a cyber attack.
- Conduct Seasonal Risk Assessments: Aside from classifying top dates for cyber attacks, companies should also highlight seasons for increased web traffic and periods for increased vulnerability that have presented an issue in the past or have the potential to be problematic. Through this assessment, a strategic security plan can then be developed.
- Review Network Security Technology: In short, inventory capabilities taking into account that deploying critical missing defenses can take months.
- Run Attack Scenarios: When under a real attack is not the best time to find out if you have invested wisely.
- Educate Employees: Employees are often the weakest links in an organization's cyber security plan. Ensure that all staff members are fully aware of the latest tricks and scams that hackers are utilizing to infiltrate networks by providing training and ongoing education on organizational cyber security policies and procedures.
I have said this before and it bears repeating. Understanding where your organization is vulnerable, and specifically on what days it might be most vulnerable, is the best way of formulating a strategy for mitigating risks. The steps above may seem almost mundane, but unfortunately it might surprise you how many entities do not do all of the above.
The only thing I would add to the list is have a good crisis management plan in place. As recent events have shown, stuff is going to happen, and the biggest hit to your organization’s reputation is not necessarily the dollars lost during a breach or outage but how well you keep customers informed as to what is happening. Forgiveness is becoming a scarce resource as more and more problems come to light, and how to explain things and treat customers now also has a sense of urgency as part of security planning.
Image via Shutterstock
Edited by Rachel Ramsey