The amount and variety of cyber threats is constantly increasing. Although awareness among potential victims is on the rise, attackers continue to develop more sophisticated threats and the drivers to hack become more dominant as the potential gain from a successful cyberattack keeps growing. Hackers also constantly improve their ability to lure, which is crucial for their success.
Attackers’ motivations may vary, but in most cases their goal is to earn money. Just like any other business owner, a hacker planning a new attack would typically look for opportunities that make their efforts as cost-effective as possible. Unfortunately for us, the holidays present the perfect timing for such scams, increasing hackers’ success chances. Aiming to lure individuals into clicking a link or opening a file, bad actors take advantage of the holidays and send their victims malicious emails in the form of greeting cards, party invitations or leverage the rise in shopping for phishing campaigns.
So, how do attackers plan their attacks? And why do they release many of them during the holidays? Let’s learn a bit about the hacker’s considerations and the common methodology of planning new attacks, in order to better understand why holiday season = hacking season.
The Hacker’s Perspective: Attacks at a Glance
When an attacker creates a new attack, there are some crucial decisions that are made. Here are a few of them:
Who to attack? Personal users? Governments? SMBs? The attacker needs to target the most profitable choice.
What kind of attack? Should that attack be a ransomware, credential harvesting or a trojan horse that lies in stealth until further notice?
How to attack? Deliver the attack via email? Text message? Whatsapp? Post a deceiving message in an online forum?
The fact is that most attackers choose to go with email as their primary attack vector. It is relatively easy to gain access to hacked email accounts in order to send out the attacks from there. It is also fairly easy to find a list of email addresses to attack while remaining anonymous during that process.
When to send the attack? The attacker needs to find the optimal time to send these malicious emails. Are they more likely to be opened during work hours? On the weekend? Are there specific times in the day/month/year in which the email would look more legit or real?
The “when?” question is crucial to attackers’ success. A purchase order sent on Saturday night might a bit suspicious. A file named “Game of Thrones season 8 summary” might not be interesting once all episodes have already aired. As in many other fields, timing is everything.
Why would the victim open the attacker’s attack? That question is very important. If 100% of the attacks end up in the victims’ mailboxes but none of these receivers will eventually click on the malicious email – it’s as good as nothing.
The attacker must make their email as appealing as possible, personalize it as much as possible and lure victims to open and click it. In case the attack is not targeted at someone specific, the law of large numbers applies and the attacker needs to make the email seem legit and appealing for a large portion of the population.
Why is the holiday season a fertile soil for attacks?
The answer to the question: “Why do hackers release so many attacks during the holidays?” lays in the answers to “When to send the attack?” and “Why would the victim open the attacker’s attack?”.
Social engineering is the keystone of any cyberattack. If sending an email from a stranger, the attacker needs to ensure that the victim won’t suspect anything. On any other day, the hacker would typically send a fake ‘CV’, ‘Invoice’ or ‘Purchase Order’ – all are email types expected from strangers. To make it reliable, the hacker will need to identify the relevant stakeholders in the organization, i.e. HR or accounting, and send it to them. This makes the hacker’s job more complex.
The approaching holiday season brings new opportunities to hackers, as all of us are used to receiving greeting cards, party invitations and other holiday-related content via email during that time of the year. In many cases, these arrive from people that we don’t know or don’t remember. Sending an infected holiday greeting card, the attacker does not need to direct the attack to specific stakeholders, which makes his job much easier.
This is perfect for attackers and they take advantage of it.
As such, it is no surprise that companies and individuals experience massive increase in cyberattacks during the holiday season. In fact, those holiday season attacks are so successful, that the US-cert issued a warning about it a few years back.
In order to stay safe, try to avoid clicking on any unsolicited emails, be extra suspicious with any content you receive and alert the ones you care about, so their holiday and yours will be safe from cyberattacks.