October is high season for cyberattacks, Infosec Institute study shows

A study by Infosec Institute indicates that there has been an exponential increase in cyberattacks globally in the last five years, and a major part of it happened in the month of October each year as attackers apparently exploit natural disasters.


There has been an exponential increase in cyberattacks around the globe in the last five years and a major chunk of it happened in October each year, according to a study by Infosec Institute.

A similar offensive appears to be building up this month, judging from the study's projections for an "October surprise" as well as observations of cyberattacks that have occurred so far.

The study underscores that the attacks that occurred in the month of October over the past five years have been traced back mainly to five offending entities: Russia, China, North Korea, Iran, and a catchall grouping termed "anonymous". The anonymous grouping refers to unclaimed attacks with unknown assailants that could not be linked to any offending parties or nations.

Although no specific explanation could be ascertained for the sudden spike in attacks in the month of October over the last five years, the study's author presumes that part of it could be attributed to the "all-hazard" incidents (disruptive events of many different types) experienced by both hemispheres during the month of October. The cyberattacks could have been timed to coincide with nations already battling natural disasters.

Before reaching the assumption that the cyberattacks may be related to natural disasters, Clairday had also reviewed the data against political, science and technology news, not finding any conclusive connections with cyberattacks occurring during the months of October from 2017 to 2020.

Cyberattacks correspond to natural disasters

“The only plausible correlation I could find to the October spikes was the natural disasters," says Jerri Clairday, who prepared the Infosec Institute report under the guidance of James Phelps, a security consultant and academic. "Upon performing a basic rudimentary Google search for global disasters in the month of October, I found that there was a significant increase in that period. The fall in the northern hemisphere and spring in the southern hemisphere both experience higher calamities. This led to the theory that there could be a connection.” Clairday says she is following this up with subsequent research and intends to drill down on the notion and attempt to validate it.

“The correlation, I figured, owes to the fact that maybe whenever there's a national disaster the bad guys look to take advantage of any opportunity they can. They know that they can get to people at that time as their heartstrings are already being tugged at and most forgo good cyberhygiene, thereby falling prey to phishing and other attacks as they look to donate and be helpful,” explains Clairday. “The disasters don’t necessarily have to be natural; many attacks have happened against the backdrop of man-caused national distresses.”

Wave of cyberattacks builds this month

A similar wave of cyberattacks appears to be growing this month. Earlier this month, security researchers uncovered cyberespionage operations by an Iran-based hacker group targeting aerospace and telecom firms with a previously undocumented stealthy Trojan program that's been in use since 2018.

In addition, cybersecurity firm DarkOwl recently discovered a cybercriminal group offering to hack hospitals located across the European Union (EU) to access and falsify Covid-19 vaccination records for willing buyers on the darknet.

In one of the bigger recent hacking incidents, Amazon-owned gaming platform Twitch suffered a data breach earlier this month. According to multiple media reports, the breach has revealed a large stock of sensitive data, including Twitch’s entire source code and several years of payout information on the service’s most popular streamers.

October cyberattacks jump in last 5 years

The data from 2016 through 2020 reveals that there were 41 significant attacks in 2016, a 17% increase from the previous year, with a monthly average of 3.41 attacks. For 2020, the numbers stood at 134, a 23% increase on the previous year, at 20.6 attacks a month on average. The five-year period had, in entirety, registered a 283% jump in attacks.

The anonymous grouping led the ranks of offenders with 111 incidents for the five-year period. Russia was a close second with 95 incidents, China at 91, Iran at 54, and North Korea at 42.

The report underlined that the 14 attacks registered as coming from the US were either mitigations or countermeasures in response to breaches or attacks, and were not further evaluated.

Zeroing in on the October incidents from 2016 – 2020, the numbers rose from 3 to 25, for an increase of 1,150%.

“We indeed witness a dramatic uptick in attacks in the months of October, although I can’t quite place a valid explanation," says Forrester analyst Allie Mellen. "My best guess is that this is related to people coming back from the summer holiday and experiencing being back in the workforce and in situations that they haven't been in a while. They must leave out a vulnerable window that they need to be brought up to speed.”

The attacks during October in the five years that were analyzed included government data sweeps; breaches of banks, elections and national security contractors; transportation and media disruptions; and distributed denial-of-service (DDoS) attacks. Significant targets included intellectual property, energy, military and political infrastructures.

The nature of attacks in the period ranged from malware to botnets.

“Right now ransomware is the flavor of the day. I think we can probably reliably predict that there will be more ransomware attacks and they’ll continue to grow until we make some policy decision around cryptocurrency and paying a ransom,” says J. R. Cunningham, CSO at cybersecurity vendor Nuspire.

Security takeaways for October 2021

The Infosec Institute study predicts that there will be at least a 40% increase in incidents in October 2021 by the "anonymous" grouping that are broad in reach in terms of the number of victims, types of information sought, purpose, duration, and method of attack.

The study forecasts that offenses by China will increase by 92% and would mainly involve espionage, intellectual property theft, transportation and military defense infrastructure, and diplomatic surveillance.

Iran has been a consistent offender and, despite having smaller numbers in the past, is expected to increase efforts by 224%, launching military and political attacks against neighbors Iraq, Kuwait and the United Arab Emirates. The US could also be a target, judging from prior-year data.

North Korea is expected to increase attacks by 76% against private companies, non-governmental organizations (NGOs) and government agencies involved with novel events (for instance pandemic research institutes).

Russian attacks are expected to grow by 36%, centering mainly around energy, telecommunication and research infrastructures. It could also hack into novel research and sporting facilities.

Elaborating on the many threats that could go into an "October surprise," Nuspire's Cunningham warns of ransomware attacks on critical infrastructure, pointing to recent incidents involving Colonial Pipeline and meat supplier JBS. "We kind of know that the bad guys have critical infrastructure in their sights,” he said.

The other interesting phenomenon to watch out for, according to Cunningham, is supply chain shortages in retail as people start shopping for the holiday season. “It's going to be a ransomware attack against critical infrastructure or retail providers,” he added.

What CISOs can do to avoid risks

Speaking about the possible steps CISOs around the globe could take in preparation, Cunningham says, “When we talk to our customers, we advise them essentially to do a couple of things. We don't need to get fancy here. It's back to basics — patching, privileged access management, multifactor authentication, these are all critical and they're relatively inexpensive and easy ways to thwart enemy activity. One of the struggles that we have in the cybersecurity industry is that we try and overthink the problem and many times the bad guys are using very simplistic methods to compromise organizations.”

To efficiently tackle upcoming threats, Forrester’s Mellen says CISOs must try to cover the basics by implementing multifactor authentication using strong passwords, advocating for password managers, and patching on a consistent schedule.

Training reviews are also crucial for CISOs, says Keatron Evans, principal security researcher at Infosec Institute. “They need to make sure that they're paying closer attention and getting their people fully trained," Evans says. "Training is usually overlooked in the day-to-day grind, but it’s imperative that they're constantly being trained and informed on what these latest threats are, because the threats that we got hit with in October 2020 were probably significantly different than some of the attacks that we might see this October.”

He added that since an increase in cyberattacks is likely coming, CISOs should allocate some temporary resources toward detection and prevention of threats.

Copyright © 2021 IDG Communications, Inc.