While it’s important to block malicious messages from reaching the inbox in the first place, the other side of email defense is being able to flag already-delivered messages and block their links once they are found to be malicious. The longer a malicious URL sits in the inbox, the more likely it is that the user will click on it. Being able to block those links, or proactively remove those emails even after delivery, would reduce the threat.
While Proofpoint’s analysis focused on email-based attacks and spanned the end of 2016, email wasn’t the only threat vector where the attackers paid attention to the day of the week. An analysis of all the attacks investigated by the eSentire Security Operations Center in the first quarter of 2017 found that some attacks were more common on certain days. The volume of threats, which in eSentire’s report included availability attacks such as distributed denial-of-service (DDoS), fraud, information gathering, intrusion attempts and malicious code, was highest on Fridays, followed by Thursdays. Availability attacks didn’t care about the day of the week, but fraud was dramatically reduced on weekends. Malicious code was most common on Thursdays, and intrusion attempts were higher on Fridays.
There is no day off when it comes to defense. The security tools scrutinizing email messages as they arrive, before letting them reach user inboxes, have to be capable of handling peak volumes without sacrificing performance. But if defenders know that the second half of the week tends to be worse in terms of malware and credential theft, they can put in extra monitoring and scanning to detect possible new infections. By allocating more time in the second half of the week to investigate alerts, security teams may detect attacks sooner, and reduce the potential damage.