Predicting The October 2021 Surprise

By   Jerri Clairday
, Infosec Resources | Jul 30, 2021 05:48 am PST

An independent study of significant cyber events worldwide, based on historical attacks documented by the Center for Strategic and International Studies (CSIS) since 2006, revealed a clear trend of increased attacks during the month of October for the past five (5) years with five (5) offending countries or entities responsible for the majority of the incidents. 

In researching a possible explanation for the spikes, the author found an increase in all-hazards incidents during the same time frames. Based upon analysis, it is predicted that October 2021 will also realize an increase in cyberattacks in proportion to increased all-hazards global events, in particular cyberattacks originating in Russia, China, North Korea and Iran. 

Cybersecurity teams and management should prepare beforehand, as should those working with critical infrastructure and emergency management of all types, while paying close attention to the events that unfold in October 2021.

This research was conducted with the assistance and guidance of Professor James Phelps, Ph.D., CCISO (LinkedIn).

Detailed research

Cybersecurity continues to be a global concern as society becomes more dependent upon artificial intelligence. Unfortunately, cybersecurity has not kept pace with research¹ or with the quantity and nature of cyberattacks, being primarily reactive rather than responsive or predictive. To be more effective with cybersecurity mitigation and countermeasures, and to move from reactive to proactive in cybersecurity evolution, predictions of future events must be made.² 

Currently, predictions are based upon forecasting and anticipation.³ The Center for Strategic and International Studies (CSIS) has compiled a listing of hundreds of Significant Cyber Events reported worldwide since 2006.⁴ This data has been analyzed for total number of events, number of events per month, offending country(ies), victim(s) and the nature of each attack categorized by broad descriptors, and is available for download. CSIS documented twenty-nine (29) offending countries, but this paper will address only the top six (6) major offenders, which include China, Iran, Russia, North Korea, the United States and a composite group of other countries referred to as “Anonymous.” Many times, assailants were unknown, non-disclosed or were non-specified nation-states. These were included in the Anonymous category. Some attacks were aimed at multiple victims. For this study, the first affected country or entity was recorded. 

CSIS data analysis

The number of events rose 3,250% from 2006 to 2020, with annual averages from 4 to 134, respectively.⁵ Significant increases were observed from 2006 to 2007 and 2016 through 2018. Focusing on the previous five (5) years 2016 through 2020, there were 41 (average 6.3 per month/pm at a 41% increase) in 2016 and 132 (20.6 pm at a 23% increase) in 2020. The months of October in each year revealed unusual spikes.

CSIS Analysis of Significant Cyber Incidents
2006 – 2020

image 90
Data extracted from CSIS Significant Cyber Incidents Since 2006 on February 1, 2021. Table by Jerri L. Clairday

Focusing on the average of October incidents from 2016 – 2020, the number rose from 3 to 25 or an increase of 1,150%.⁶ ⁷ When analyzing the increases further, six (6) countries or entities were habitual attackers: Anonymous, China, Iran, North Korea, Russia and the United States. The United States’ reported incidents (14) were mitigation or countermeasures in response to breaches or attacks and were not further evaluated.

Anonymous, for many reasons, claims the highest number of incidents with a total of 111 for the five (5) year reporting period. Russia claims second place for the highest number with 95. China follows with 91, Iran with 54 and North Korea with 42. Iran launched offensives during four (4) of the five (5) years. India, Pakistan and Vietnam launched attacks during three (3). Mexico, Palestine, Singapore, South Korea and Turkey launched attacks during two (2). Also, 14 countries were responsible for attacks during only one (1) year. The five (5) major offenders (referred to the Top 5 from this point forward) were major threats to international cybersecurity in diverse attack methodologies and targets for information or maliciousness.⁸

CSIS Analysis of Significant Cyber Incidents
2016 – 2020

image 93
Data extracted from CSIS Significant Cyber Incidents Since 2006 on February 1, 2021. Table by Jerri L. Clairday

Top 5 Offenders
Octobers 2016 – 2020

image 94

Data extracted from CSIS Significant Cyber Incidents Since 2006 on February 1, 2021. Table by Jerri L. Clairday

Five-Year Analysis by Country

image 95

Data extracted from CSIS Significant Cyber Incidents Since 2006 on February 1, 2021. Table by Jerri L. Clairday

In attempting to discover a correlation for the October spike trend, current events were reviewed in the categories of world news, disaster news and science and technology news. No conclusive trends nor connections could be determined from the global events or technological advancements occurring during the months of October 2017 to 2020 that could explain the escalations. However, the dominance of natural disasters during October could be a reason for the increases. Cyberattackers could be maximizing their opportunities while countries are vulnerable from natural catastrophic events that historically occur during the fall in the northern hemisphere and spring in the southern hemisphere. 

October analysis by year

In 2020, civil unrest plagued Kyrgyzstan, Nigeria, Thailand and Poland.⁹ The United States was in the midst of its all-consuming and important general election, and record-setting wildfires took over the states of California, Colorado and Utah. Hurricanes, tropical storms, typhoons and other natural disasters caused destruction in other parts of the world, including a stampede in Afghanistan and an earthquake that rocked Greece and Turkey.¹⁰ Additionally, the entire world was struggling with the catastrophic effects of the coronavirus disease (COVID-19). 

In October 2019, there were protests in Hong Kong, France, Ecuador and Ethiopia. North Korea was test-firing missiles. A ground offensive was launched in Syria. A state of emergency had been declared in Chile.¹¹ There were wildfires in California and Colorado. Cameroon was experiencing landslides. Southern Europe was drowning in severe floods. A typhoon made landfall in Japan. Additionally, a dam burst in Siberia.¹²

In October 2018, a fuel tanker crashed in the Congo. Ships collided in the Mediterranean. There was a bus crash in Kenya that killed 50 people. There was a mass shooting at a college in Russia. Jamal Khashoggi, a Saudi Arabian journalist, was confirmed to have been tortured and murdered. A stabbing at a Chinese kindergarten occurred.¹³ France, Jordan and Majorca experienced catastrophic flooding. Asia was still reeling from the Indonesian Tsunami, and the death toll continued to rise. Haiti was hit with a deadly earthquake. Hurricanes hit the United States’ coasts.¹⁴

In October 2017 in Afghanistan, an American family that had been held for five (5) years was rescued. Turkey invaded Syria. Bomb attacks in Somalia killed over 300 people. The Taliban killed 69 in an attack in Afghanistan. Also, in Afghanistan, suicide bombers killed 72 in coordinated mosque attacks. A suicide bomber in Pakistan killed 7. Four Yemeni soldiers were killed in bombings. Violence erupted in Kenya after their election. Also, Madagascar experienced an outbreak of the plague.¹⁵ There were wildfires in California, Portugal and Spain. Puerto Rico was in darkness and despair after Hurricane Maria. Ireland had also been hit by Tropical Storm Ophelia.¹⁶

Analysis by offender


Anonymous was not credited with any offenses in 2019. However, their targets for the time period included Australia, Azerbaijani, Brazil, Eastern Europe, Liberia, South Asia, Ukraine, United Nations, United States and Yahoo. The nature of attacks ranged from government data sweeps to breaches in banks, elections and national security contractors to transportation and media disruptions and Distributed Denial-of-Service attacks (DDoS). 


China’s offenses were predominantly against the United States. Internal Chinese entities and infrastructure, Africa, Germany, Myanmar, Russia and Southeast Asia were also victims. The nature of China’s attacks included espionage, retaliation and intellectual property theft. One of China’s attacks against the U.S. was explained as “retaliation” for the National Security Agency (NSA) Prism Program. China appears to have had broad international interests with attacks on cultural nonprofits, religious groups, art and science as well. 


Aside from Australia and the United States, Iran’s attacks concentrated on the Middle East, including internally and Iraq specifically, and were predominately data sweeps of election information, intellectual property and universities. Internally, Iran experienced malware, diplomatic data grabs and maritime operations disruptions. They targeted former President Donald Trump’s campaign for reelection in 2019 and the United States’ 2020 voter registration websites. They disrupted Iraq’s government agencies’ telecommunications capabilities. Additionally, they launched phishing and intellectual property theft campaigns against many universities abroad. 

North Korea

North Korea arrived as a formidable threat to cybersecurity, with intensity in 2018 jumping from five (5) to 12 in 2020, representing their largest rate of growth. Their victims included non-specified international targets, India, Russia, South Korea, United Nations and the United States. The nature included national security intelligence grabs and energy infrastructure and COVID-19 intelligence gathering. North Korea specifically seemed interested in energy infrastructures with intelligence breaches on nuclear policy between South Korea, Japan and the United States. They attacked India’s nuclear power plant detection system and the United States’ electric companies. North Korea also breached Russian aerospace and defense companies. 


Russia’s victims included, but were not limited to, Europe, Poland, Saudi Arabia and the United States. Russia’s infiltrations included politics, foreign embassies and diplomats, energy infrastructure and internal governmental networks. They also were involved in hacking sports by attacking the Federation International Football Association (FIFA) World Cup in 2018, the 2020 Tokyo Olympics, and United States and international anti-doping agencies. Their main target during the time period was the United States. They were particularly interested in our 2016 and 2020 general elections, the Democratic National Committee (DNC), NSA and our military. They also interfered in France’s election in 2020. (CSIS, 2021). Although diversified, they seemed particularly interested in energy and chemical plants, information and telecommunications systems, espionage and military. 

October 2021 predictions

Although no concise or confirmed explanation could be determined for the October spikes, the data clearly reflects an increase in cyberattacks during the month of October. It is predicted that October 2021 will see an increase in cyberattacks. Based upon historical natural disaster occurrences, the number of attacks will plausibly increase with the increase in disasters. Should more natural disasters occur, more attacks will follow. The converse is also plausible. These predictions are specifically for the month of October 2021 and are based upon the CSIS incidents analysis. 


With the inability to determine the number of offending countries or entities and nature of attacks represented within the Anonymous category, it is predicted there will be at least a 40% increase in incidents that are broad in reach in terms of number of victim(s), types of information sought and purpose, duration and method of attack. This predicted percentage increase was derived averaging the total percentage increase (90%) by the five (5) year period. Special attention should be paid to DDoS prevention and mitigation. 


By continuing with the same calculation of average percentage increase, it is predicted that China will increase their attacks by 92%. It is further anticipated that the attacks will continue to be in personal data and intellectual property theft, espionage and diplomatic surveillance. When reviewing the nature of their previous October attacks, the incidents against the United States were related to military defense and mass travel infrastructure. A logical assumption is to expect continued breaches for intelligence gathering in espionage, intellectual property, and transportation and military defense infrastructure. In 2020, China randomly attacked Russia, India, Ukraine, Kazakhstan and Malaysia in a series of diversified attacks. These types of random attacks with random victims should also be expected. 


Although Iran’s total incidents for the time frame was 54, they have emerged as a consistent threat with an expected 224% increase in October 2021. They should be anticipated to continue military and political attacks against Iraq, Kuwait, United Arab Emirates and the United States.

North Korea

It is predicted that North Korea will continue to attack energy infrastructures in the United States and abroad. North Korea should be expected to interfere and infiltrate, by a 76% increase, private companies, non-governmental organizations (NGOs) and government agencies involved with any novel or current event (e.g., pandemic research). As novel incidents cannot be predicted, it is prudent to be aware that neither can North Korea’s victims. There is a high probability that North Korea will attack during a novel event and search for information that is germane and critical to the novel event. 


It is predicted that Russia will increase their attacks by 36% in October 2021. It is also predicted that they will continue to attack critical infrastructure, energy infrastructure, telecommunications systems and chemical plants. Russia can be expected to interfere in international politics and elections with particular interest in the United States. It is anticipated that they will continue to attack governments, military and national security abroad. Like North Korea, there is a high probability that Russia will attack the host of an international novel event. Lastly, it is predicted that Russia will interfere in international sports competitions, as evidenced by their interference with FIFA and the Olympics.


Cyberattacks will continue to increase and expand into areas other than just computer and data. This includes critical infrastructure, as with the 2021 Colonial Pipeline cyberattack. Managers of sporting events should also be prepared for interference from APT actors. It is imperative to evolve from reactive cybersecurity to proactive cybersecurity. By analyzing past occurrences, future trends and connections can be explored to either prevent attacks or more quickly mitigate their effects. Predictions can be made to better prepare for impending cyber incidents of all types.