Cyber threat severity rises during holidays, says research

1-in-5 cyberthreats detected between June and the end of September 2022 were higher risk, compared to just 1-in-80 in January, Barracuda found.

Security and data protection company Barracuda’s analysis of cyber threats detected by its XDR platform through 2022 – with a special focus on the summer months – has revealed that while the volume of attacks dipped significantly between February and May, and again between July and September, the severity of each individual attack actually grew.

“Cyber criminals tend to target companies and IT security teams when they are likely to be under-resourced. This could be on weekends, overnight, or during a holiday season, such as the summer. This is reflected in our data, which clearly shows that despite an overall reduction in threat volume, a significantly greater proportion of threats detected during the summer months were at the higher-risk end of the scale,” said Adam Kahn, VP of Global Security Operations, Barracuda. “This is especially worth bearing in mind as we head into the end of year holiday season.” 

Volume Dips, Intensity Spikes 

In January 2022, the number of threat alarms detected by Barracuda’s XDR platform spiked to 1.4 million, before falling sharply by just under three quarters (71.4%). This was mirrored by a second spike of 1.4 million alarms in June, which was followed by a similar if more gradual decline in July through August. However, while in January, only around 1 in 80 (1.25%) of threat alarms were serious enough to warrant a security alert to the customer, by June to September the rate went up to 1-in-5 (20%). 

The three most frequently detected threats between June and September were as follows: 

1. Successful Microsoft 365 login from a suspicious country (High risk): This type of attack accounted for 40% of all attacks during the 90-day window between June and the end of September. The countries that flag an automatic security alert include Russia, China, Iran, and Nigeria. A successful breach of a Microsoft 365 account is particularly risky because it offers an intruder potential access to all the connected and integrated assets the target has stored on the platform.

2. Communication to an IP address known to Threat Intelligence (Medium risk): This type of attack, which includes any attempt at malicious communication from a device within the network to a website or known command-and-control server, accounted for 15% of all attacks during the monitoring period.

3. Brute force authentication user attempt (Medium risk): Accounting for 10% of all attacks, these are automated attacks trying to penetrate an organisation’s defences by simply running as many name/password combinations as they can.

Offering insight into how to build resilience to such attacks, Kahn said, “In the face of growing attack sophistication, organisations would be well advised to implement security measures that include enabling multifactor authentication (MFA) across all applications and systems, ensuring all critical systems are backed up, implementing a robust security solution that includes email protection and Endpoint Detection and Response (EDR), and ensuring they have visibility across their whole IT Infrastructure.” 

