Barracuda Research Finds Cyber Threat Severity Rises During Vacation Months


1-in-5 cyberthreats detected between June and the end of September 2022 were higher risk, compared to just 1-in-80 in January

Barracuda’s analysis of cyber threats detected by its XDR platform through 2022 – with a special focus on the summer months – revealed that while the volume of attacks dipped significantly between February and May and between July and September, the severity of each attack grew.

“Cyber criminals tend to target companies and IT security teams when they are likely under-resourced. This could be on weekends, overnight, or during a holiday, such as summer. This is reflected in our data, which clearly shows that despite an overall reduction in threat volume, a significantly greater proportion of threats detected during the summer months were at the higher-risk end of the scale,” said Adam Kahn, VP of Global Security Operations, Barracuda. “This is worth bearing in mind as we head into the end-of-year holiday season.”

Volume Dips, Intensity Spikes

In January 2022, the number of threat alarms detected by Barracuda’s XDR platform spiked to 1.4 million before falling sharply by just under three quarters (71.4 per cent). This was mirrored by a second spike of 1.4 million alarms in June, which was followed by a similar if more gradual decline from July through August. However, in January only around 1 in 80 (1.25 per cent) of threat alarms were serious enough to warrant a security alert to the customer, whereas from June to September the rate went up to 1 in 5 (20 per cent).

The three most frequently detected threats between June and September were as follows:

  1. Successful Microsoft 365 login from a suspicious country (High risk): This type of attack accounted for 40 per cent of all attacks during the 90-day window between June and the end of September. The countries that flag an automatic security alert include Russia, China, Iran, and Nigeria. A successful breach of a Microsoft 365 account is particularly risky because it offers an intruder potential access to all the connected and integrated assets the target has stored on the platform.
  2. Communication to an IP address known to Threat Intelligence (Medium risk): This type of attack, which includes any attempt at malicious communication from a device within the network to a website or known command-and-control server, accounted for 15 per cent of all attacks during the monitoring period.
  3. Brute force authentication user attempt (Medium risk): Accounting for 10 per cent of all attacks, these are automated attacks trying to penetrate an organisation’s defences by simply running as many name/password combinations as they can.
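
The three alert categories above map naturally onto simple detection rules. The following is an added illustration, not Barracuda’s XDR logic: it runs the three rules over a small constructed event set, with the country list taken from the text and the threat-intelligence IP, brute-force threshold and window chosen as assumptions.

```python
# Added example (not Barracuda's XDR code): rule logic for the three alert
# categories described above, run over constructed sample events.
from collections import defaultdict
from datetime import datetime, timedelta

# Countries named in the text as triggering an automatic alert (ISO codes assumed).
SUSPICIOUS_COUNTRIES = {"RU", "CN", "IR", "NG"}
# Constructed threat-intelligence indicator (documentation range, not a real IoC).
TI_IPS = {"203.0.113.7"}
# Assumed brute-force tuning: N failed logins for one user inside a sliding window.
BRUTE_FORCE_THRESHOLD = 5
BRUTE_FORCE_WINDOW = timedelta(minutes=10)


def classify(events):
    """Return (rule, risk, subject) alerts for the events, in time order."""
    alerts = []
    failures = defaultdict(list)  # user -> timestamps of recent failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "m365_login" and ev["result"] == "success" \
                and ev["country"] in SUSPICIOUS_COUNTRIES:
            alerts.append(("Successful M365 login from suspicious country", "High", ev["user"]))
        elif ev["type"] == "net_conn" and ev["dst_ip"] in TI_IPS:
            alerts.append(("Communication to IP known to Threat Intelligence", "Medium", ev["host"]))
        elif ev["type"] == "m365_login" and ev["result"] == "failure":
            recent = [t for t in failures[ev["user"]] if ev["ts"] - t <= BRUTE_FORCE_WINDOW]
            recent.append(ev["ts"])
            failures[ev["user"]] = recent
            # Fire once, when the threshold is first reached, rather than on every failure.
            if len(recent) == BRUTE_FORCE_THRESHOLD:
                alerts.append(("Brute force authentication attempt", "Medium", ev["user"]))
    return alerts


# Constructed sample telemetry: one benign login, one suspicious-country login,
# one TI hit, one benign connection, and six rapid failures for a single user.
T0 = datetime(2022, 7, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    {"ts": T0, "type": "m365_login", "user": "alice", "result": "success", "country": "GB"},
    {"ts": T0 + timedelta(minutes=1), "type": "m365_login", "user": "alice", "result": "success", "country": "RU"},
    {"ts": T0 + timedelta(minutes=2), "type": "net_conn", "host": "ws-17", "dst_ip": "203.0.113.7"},
    {"ts": T0 + timedelta(minutes=3), "type": "net_conn", "host": "ws-17", "dst_ip": "198.51.100.4"},
] + [
    {"ts": T0 + timedelta(minutes=4, seconds=10 * i), "type": "m365_login",
     "user": "bob", "result": "failure", "country": "US"}
    for i in range(6)
]

if __name__ == "__main__":
    for rule, risk, subject in classify(SAMPLE_EVENTS):
        print(f"[{risk}] {rule}: {subject}")
```

Only the first rule is classed High, which is the point the text makes: a successful account takeover outranks a noisy brute-force burst that may never succeed.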

Offering insight into how to build resilience to such attacks, Kahn said, “In the face of growing attack sophistication, organisations would be well advised to implement security measures that include enabling multifactor authentication (MFA) across all applications and systems, ensuring all critical systems are backed up, implementing a robust security solution that includes email protection and Endpoint Detection and Response (EDR), and ensuring they have visibility across their whole IT Infrastructure.”