Don’t like Mondays? Neither Do Attackers.

Monday may be our least favorite day of the week, but Thursday is when researchers say that security professionals should watch out for cyber-criminals; paying attention to trends like this can greatly reduce the potential for damage.

Attackers will spend just as much time planning when an email should go out as they do on what it will look like. According to Proofpoint in its Human Factor Report, malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, while Wednesdays came in second. “Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day in time for them to see and click on malicious messages during working hours,” Proofpoint researchers wrote in the report. Weekends came in last, however, this doesn't mean that Saturday and Sunday are completely safe.

Malicious emails can arrive any day of the week, but there is a clear preference from attackers as to when to send certain threat categories. For example, Keyloggers and Backdoors tend to be sent on Mondays, and Wednesdays are peak days for banking Trojans. Ransomware tends to be sent between Tuesdays and Thursdays, while point-of-sale Trojans arrive towards the end of the week (Thursdays and Fridays) since security teams do not have as much time to detect and mitigate new infections before the weekend. On the weekends, according to Proofpoint, ransomware is what attackers primarily send with few exceptions.

Security teams need to be particularly alert on Thursdays as malicious attachments, malicious URLs, ransomware and point-of-sale infections all favor that day. In addition to these, credential stealing campaigns also favor Thursdays.Thursday were host to a clear increase in malicious attachments being sent, but emails with malicious URLs (the most common vector for phishing attacks designed to steal credentials) were constant throughout the week, with only a slight increase on Tuesdays and Thursdays.

Attackers understand employee email habits and know that feeding employees with a well-crafted email at the optimal time will bring higher success rates. The bulk of attack emails are sent four to five hours after the start of the business day, peaking around lunchtime. Proofpoint’s analysis found that nearly 90 percent of clicks on malicious URLs occur within the first 24 hours of delivery, with a half of them occurring within an hour, and a quarter of the clicks occurring within just ten minutes.

The time between delivery and clicking is shown to be the shortest during business hours (8 a.m. to 3 p.m. Eastern) in the US as well as Canada. The UK and rest of Europe had similar patterns to the US and Canada, however, there was some stratification in the averages according to region. For example, clicking on malicious links peaked around 1 p.m. in France while it peaked early in the workday in Switzerland and Germany. Users in the UK spaced out their clicks throughout the day, but there was a clear drop in activity after 2 p.m.

While it’s important to block and keep malicious messages from reaching the inbox to begin with, the other side of email defense is to be able to identify and flag messages that made it to your inbox and block those links when you realize that they are malicious. If you are able to accomplish this, you can greatly reduce the potential danger that these emails pose.

Proofpoint focused on email-based attacks, however, email wasn’t the only medium in which attackers paid attention to the day of the week. An analysis of all attacks, investigated by the eSentire Security Operations Center in the first quarter of 2017, found that some methods of attack were more likely on given days. The volume of threats, which in eSentire’s report included availability attacks such as distributed denial-of-service (DDoS), fraud, information gathering, intrusion attempts, and malicious code, was highest on Fridays followed by Thursdays. The day of the week did not matter as much when it came to availability attacks, but weekends showed a great dop-off in the amount of risk involved. Malicious code was most common on Thursdays, and intrusion attempts were higher on Fridays.

There is no day off when it comes to defense. The security tools scrutinizing email messages as they arrive, before letting them reach user inboxes, have to be capable of handling peak volumes without sacrificing performance. But if defenders know that the second half of the week tends to be worse in terms of malware and credential theft, they can put in extra monitoring and scanning to detect possible new infections. By allocating more time in the second half of the week to investigate alerts, security teams may detect attacks sooner, and reduce the potential damage.

Continued Reading

System Center Operations Manager Service Map Management Pack In Public Preview

[vc_row][vc_column][vc_column_text] Have you ever tried to use Distributed Applications in […]


Finance to Fashion - Industry Leaders Look to Microsoft

In every industry, companies are looking to create more engaging […]


Contact us Today!

Chat with an expert about your business’s technology needs.