Why do disruptive cyber attacks seem to rise every August? I've been asking myself that question for several years now. Could it be the timing of the annual Black Hat convention? Students going back to college? Are the hackers taking July off and coming back refreshed in August? Or am I imagining things? I need your help.
First, a little background. Every year since (at least) 2003, we've experienced disruptive cyber attacks in August within Michigan State Government. So how do I define "disruptive," you ask? I mean that we see a significant increase in cyber attacks (could be DDoS, new malware, zero-day viruses, etc.) that impact our operations in some meaningful way. Not that we never see them in other months, but the difference is dramatic and too consistently concentrated in August to be just chance. 2009 has been no exception, and this is the seventh year that this trend has continued. (Yes, we've always recovered, but not without some pain.)
We've joked that this trend occurs because several of our cyber experts (on our Michigan IT staff) take vacation in August every year, but this is no laughing matter. (More on that topic at the end of the blog.) The reality is that since our experience with the Northeast Blackout of 2003, I have always entered August with a bit of trepidation. I wonder: what will happen this year? This August has been no different. We've seen several attacks, similar to the ones that hit Twitter, Facebook and Google earlier this month.
Back in 2003, people were asking if the Northeast Blackout of 2003 was the "first act of cyber terrorism." There are various views on this topic, but the focus at that time was on the "SoBig" virus, which was hitting everyone at the time the grid went down that August. Since that year, we have seen various new August bugs such as Blaster, Zotob, Koobface, and others. But I'm not suggesting that most of these worms first appear in August. I am suggesting that the more damaging variant or some new form of these attacks seems to become known in August.
I've looked for (global) hard data to back up my thesis, but the only convincing data I have is from Michigan State Government. I need your help. I'd love to hear from government and private sector companies concerning cyber attacks they've experienced in August. I'd also love to hear from security and metric companies to see if they find disruptive August malware to be a trend. You can remain anonymous if need be.
Are you seeing more attacks that impact your systems and/or network operations in August in your organizations? Is this a wider trend, in your view? If yes, why do you think this trend exists? What factors contribute to August being a "hot" month - and I don't mean summer sunshine in the USA.
Lastly, why is this important - if I am correct? I'll list two reasons, although I am sure that there are many more. From a pragmatic perspective, you can "prepare" for August. Your security and technology organizations can be on high alert during this period. Like preparations for a coming hurricane, you can ensure that staff are ready for the coming storm. There are many ways to do this, but I'll leave that for another blog.
Second, if we discover that this pattern is true, we can hopefully discover why it is true. If we discover why it is true, we can potentially learn more about the sources and perhaps prevent the attacks in the first place. I know I am stretching here, but I am convinced that August is not like other months when it comes to disruptive cyber attacks. We have seen this attack trend in Michigan, friends have seen this trend in other states, and there is a reason why. Can you offer any ideas?