How to Sign In
Cengage Technology & Computing Blog
cancel
Showing results for 
Search instead for 
Did you mean: 
X
When Attackers Attack
Scholar
342 Views
0 Comments

[Reading Time - 2 minutes 2 seconds]

 

Wouldn't be nice to know which days of the week--and even times of day--that certain types of attacks occur most frequently? Perhaps that may cause us to be just a little more vigilant at those times. Well, that is exactly what several security firms have revealed recently, based on different analysis of attacks.

 

Here's when different attacks occur most frequently in the US (times are US Eastern Standard Time or EST):

 

MALICIOUS EMAIL ATTACHMENTS - Thursdays at 9:00 AM. The volume of emails that contain malicious email attachments spike on Thursdays (38 percent over the average weekday volume). The next most popular days (in order) are Wednesday, Monday, Tuesday and finally Friday. The weekends are low-volume malicious attachment days. And the 9:00 AM time is targeted because it's the start of the busy business day when many corporate users are combing through their emails and may have a tendency to quickly click on an attachment without thinking. The most popular attack at tricking victims to open an attachment is an email that pretends to contain an important invoice. Other popular attacks include emails that contain scanned documents sent from office printers or copies, email delivery failure notices, order and payment confirmation messages, and airline flight confirmations.

 

PHISHING EMAILS - Tuesdays and Thursdays. Most phishing emails are received on Tuesdays and Thursdays. And users are quick to respond: about 25 percent of all clicks on malicious URLs occur within the first 10 minutes after it is received, and half of the clicks occur within the first hour (87 percent happen within the first 24 hours).

 

KEYLOGGERS AND BACKDOORS - Mondays.

 

RANSOMWARE - Ransomware is most often sent between Tuesdays and Thursdays. Yet it also holds a unique distinction: ransomware was the only category of malware in which large volumes was sent on weekends.

 

SPAM - Tuesdays 9:00 AM to 4:00 PM. Whereas spam used to be sent around the clock (and in many instances still is), attackers now are focusing on when their victims will be online, especially corporate workers. Specifically, Tuesday had the most spam activity, followed by Wednesday and Thursday. Spam usually peaks at two different times during the day: first around 9:00 AM and then again at 11:00 AM.

 

So, these are when the attacks are most likely to occur. What are the most likely times that a user will fall for the attack?

 

Interestingly, it's different in different parts of the world. In the US and Canada, along with the UK and most of Europe, most users make a poor decision and click or open something that they should not between 8:00 AM and 3:00 PM. But the French most often clicked when they should not at 1:00 PM. And Swiss and German users generally peaked on falling for attacks in the early hours of the workday, while UK users had a drop in their bad activity after 2:00 PM.

 

What are the lessons learned? If anything can be gleaned from these numbers, perhaps it's that users need to exercise caution at looking at emails on Tuesdays and Thursdays at the beginning of the workday and right before lunchtime.

 

You can read more about when attackers attack at https://www.proofpoint.com/us/resources/white-papers/human-factor-report and https://www.esentire.com/resources/knowledge/2017-q1-threat-summary-report/ and https://securityintelligence.com/all-in-a-spammers-workweek-where-do-the-busiest-spammers-work-aroun...