The summer lull in nefarious activity preceding the holiday season may be associated with many hackers taking summer vacation, according to a survey given to attendees of a popular hacker conference.
To get security news and tips delivered to your inbox,
Companies and individuals are less likely to be targeted in late summer by spammers, phishers and malware pushers, according to the Tufin Technologies survey of 79 hackers attending DEFCON 17 in Las Vegas earlier this month. Tufin said 81% of those surveyed revealed they are far more active during the winter holidays.
"Clearly these guys are no longer kids hacking on school vacation," said Michael Hamelin, chief security officer of Tufin. "There are some well-funded organized criminals taking advantage of seasonal patterns and striking at the best possible opportunity."
Christmas and New Years Eve continues to be the busiest time for hackers and spammers. Of those surveyed, 56% cited Christmas as the best time to engage in corporate hacking and 25% specifically named New Years Eve.
Hamelin said U.S.-based companies tend to stagger summer vacation time, ensuring a fairly strong staffing level in the summer months. But many firms fall back on a skeleton crew during the holiday season, freezing projects that involve heavy coding and data center changes. The lull offers a window of opportunity for infiltration.
"During that end of year break there's always a large concentration of people who aren't at work," Hamelin said.
Hackers are People Too:
Hackers Are People Too: In this 2008 edition of Security Wire Weekly, Ashley Schwartau, director of the documentary Hackers Are People Too, explains the challenges of making a movie about hackers. The documentary looks at the human side of the hacking community. The film debuted last year at DEFCON 16.
The survey data supports monthly and quarterly reports from security firms which traditionally show a decline in spam campaigns as well as hacking incidents during the summer months. MessageLabs Inc., which has been tracking spam volumes and noting phishing and malware trends since 2005, has noted the same traditional spike in the winter months. However, the trend was disrupted in 2008 with the demise of the de-accreditation of EstDomains, an ISP suspected by many to be hosting the command-and-control channels for botnets and the shut down of McColo Corp., which was known to be a hosting provider for spammers and malware pushers. The actions sent spam in a period of decline before rebounding earlier this year.
Still, many Web-based attacks are automated and designed to take advantage of end users no matter what season it is. MessageLabs and other firms have been tracking the increased use of complex Web-based malware to infiltrate social networks and target flaws in legitimate websites.
Hamelin also pointed out that the survey found poor firewall configuration continuing to be a popular weakness exploited by hackers. Eighty six percent of respondents' felt they could successfully hack into a network via the firewall; a quarter believed they could do so within minutes, and 14% within a few hours.
Redundant rules and open ports can expose vulnerable systems to the Internet. Firewall administrators should use the summer months to clean up the firewall rule base, he said.
"Instead of a hammer we should be using a scalpel," Hamelin said. "We need to sharpen the firewall and use it as a scalpel."