The 'January Effect' for cyberattacks is real, say experts

If you're reading this, then the world hasn't ended per the Mayan calendar. But it still might be a good idea for those in the information security business to be wary of this time of year.

Jeffrey Carr, an author on cyberwarfare and founder and CEO of Taia Global, wrote in a post on Infosec Island this week that he has seen a major breach or act of cyber warfare kick off the New Year every year since 2009.

Carr calls it "The January Effect," a well-established term in the investment world that refers to an expected price rise in securities after the first of the year. The effect, he said, is viewed as an opportunity for the bad guys.

He listed four major events as evidence:

  • December 2008 - January 2009: Operation Cast Lead, a land war between Israel and Hamas that included thousands of simultaneous cyberattacks.
  • December 2009 - January 2010: Google and 20-plus other companies were breached.
  • January 2011 (approximate) - March 2011: RSA was breached sometime early in 2011, and announced it on March 17, 2011.
  • January 2012: A hacker announced that he had Symantec's source code for Norton and other products.

"It may start in December and then get publicized in January, or happen in January and get publicized a bit later but it has happened four years in a row now so I fully expect it to occur once again," he wrote.


Some other security experts say they don't dispute the events presented, but aren't sure they stand out as all that different from other major attacks during the rest of a given year.

"The facts are what they are," said Jody Westby, CEO of Global Cyber Risk. "What is missing is any comparison with other months of the year. Was January really that different? We have had so many high profile incidents, in part because they are now more openly reported and media picks up on them more."

John Prisco, CEO of Triumfant, agreed that there are major attacks at the beginning of the year, but said hackers never take a break. "If you look at the year-round nature of some of the major breaches in 2011 and 2012 -- Sony, Epsilon, Global Payments, SC Dept. of Revenue -- clearly, they didn't all happen in January."

Carr told CSO Online that while major attacks are ongoing, those he cited were unique. "Operation Cast Lead, which contained a military and a cyber component, is very rare," he said. And the two involving RSA and Symantec are unique because they happened to major security firms.

He said it makes sense that attackers would ramp up their efforts at this time of year because people are on vacation. "You've got second- and third-tier security people working, while those in the first tier are enjoying the holidays," Carr said.

There is agreement that holiday season vacations are a factor. "There are more people logging into company networks from home computers, which are not as secure as corporate computers, during the holiday season, and cybercriminals know that there are few IT staff working during the holiday," said David Nevin, vice president at TaaSera. "So, it's a good time to launch an attack. It's not really a January Effect, it's a Global Holiday effect."

But Mike Murray, managing partner of MAD Security and also of the Hacker Academy, said he thinks it is more a matter of everything slowing in December and then picking up in January. "Even the bad guys take vacations," he said. "So, we have fewer cybersecurity resources looking for stuff happening right now, and fewer bad guys trying to do damage. But everybody comes back in early January."

Carr said he has no idea what the next attack will be, or where it will come from. Since writing his post he has heard no rumors. "Any serious attack is not going to be discussed in a public forum," he said. But, as he concluded in his post, he's "confident that it'll be something impressive."
