Cyber professionals are losing sleep over late night attacks
Hackers are biding their time and launching attacks when businesses can’t respond
Cybersecurity professionals are being bombarded with alerts outside of business hours, with hackers deliberately timing their attacks for maximum impact.
Research from Arctic Wolf shows more than half (51%) of alerts recorded by security operations teams come in after the majority of the business has clocked out.
Around 15% of all alerts also take place on weekends, the study found, forcing security workers to drop personal activities and respond to potential incidents.
Dan Schiappa, Arctic Wolf’s president of technology and services, said the study highlights the 24x7 nature of the profession and gives a glimpse into the challenges faced by teams.
“Today’s threat landscape is defined by round-the-clock attacks that target identity, exploit timing, and drive alert fatigue, leaving defenders to navigate increasingly complex tactics,” he said.
Hackers are biding their time
Threat actors deliberately launch attacks outside of business hours or during holiday periods to maximize their chances of success, according to Arctic Wolf.
With skeleton crews essentially holding the fort, this represents the perfect opportunity to hit enterprises hard and leave teams scrambling.
“Some of the most notorious recent cyber attacks were meticulously planned to coincide with long weekends or holidays,” the study noted.
In 2021, the Scottish Environmental Protection Agency (SEPA) gained firsthand experience in this regard, with hackers striking on Christmas Eve.
The attack, claimed by the infamous Conti ransomware group, resulted in the theft of thousands of SEPA files.
Arctic Wolf’s findings align with previous research on these tactics, with analysis from Darktrace showing 76% of ransomware attacks occurring either after hours or over the weekend.
“As reduced staff wind down and employees mentally and physically log off from the workplace, there is a decline in the speed of detection and triage within an enterprise,” the company noted.
Similar analysis from Semperis last year showed 72% of ransomware victims were attacked outside of working hours, such as during holiday periods.
Notably, among organizations with dedicated security operations centers (SOCs), around 85% reduced staffing levels by up to 50% during holidays or weekends.
A key factor behind this, the study found, lay in general staffing challenges or the costs associated with overtime wages.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.
