The 'January Effect' for cyberattacks is real, say experts

If you're reading this, then the world hasn't ended per the Mayan calendar. But it still might be a good idea for those in the information security business to be wary of this time of year.

Jeffrey Carr, an author on cyberwarfare and founder and CEO of Taia Global, noted in a post on Infosec Island this week that he has seen a major breach or act of cyberwarfare kick off the New Year every year since 2009.

Carr calls it "The January Effect," a well-established term in the investment world that refers to an expected price rise in securities after the first of the year. The effect, he said, is viewed as an opportunity for the bad guys.

He listed four major events as evidence:

  • December 2008 - January 2009: Operation Cast Lead, a land war between Israel and Hamas that included thousands of simultaneous cyberattacks.
  • December 2009 - January 2010: Google and 20-plus other companies were breached.
  • January 2011 (approximate) - March 2011: RSA was breached sometime early in 2011, and announced it on March 17, 2011.
  • January 2012: A hacker announced that he had Symantec's source code for Norton and other products.

"It may start in December and then get publicized in January, or happen in January and get publicized a bit later but it has happened four years in a row now so I fully expect it to occur once again," he wrote.

Some other security experts say they don't dispute the events presented, but aren't sure they stand out as all that different from other major attacks during the rest of a given year.

"The facts are what they are," said Jody Westby, CEO of Global Cyber Risk. "What is missing is any comparison with other months of the year. Was January really that different? We have had so many high profile incidents, in part because they are now more openly reported and media picks up on them more."

John Prisco, CEO of Triumfant, agreed that there are major attacks at the beginning of the year, but said hackers never take a break. "If you look at the year-round nature of some of the major breaches in 2011 and 2012 -- Sony, Epsilon, Global Payments, SC Dept. of Revenue -- clearly, they didn't all happen in January."

Carr told CSO Online that while major attacks are ongoing, those he cited were unique. "Operation Cast Lead, which contained a military and a cyber component, is very rare," he said. And the two involving RSA and Symantec are unique because they happened to major security firms.

He said it makes sense that attackers would ramp up their efforts at this time of year because people are on vacation. "You've got second- and third-tier security people working, while those in the first tier are enjoying the holidays," Carr said.

There is agreement that holiday season vacations are a factor. "There are more people logging into company networks from home computers, which are not as secure as corporate computers, during the holiday season, and cybercriminals know that there are few IT staff working during the holiday," said David Nevin, vice president at TaaSera. "So, it's a good time to launch an attack. It's not really a January Effect, it's a Global Holiday effect."

But Mike Murray, managing partner of MAD Security and also of the Hacker Academy, said he thinks it is more a matter of everything slowing in December and then picking up in January. "Even the bad guys take vacations," he said. "So, we have fewer cybersecurity resources looking for stuff happening right now, and fewer bad guys trying to do damage. But everybody comes back in early January."

Carr said he has no idea what the next attack will be, or where it will come from. Since writing his post he has heard no rumors. "Any serious attack is not going to be discussed in a public forum," he said. But, as he concluded in his post, he's "confident that it'll be something impressive."
