Take any movie where robots rise up against their human makers, and you’ll see fear and panic set in. This happens in films such as The Terminator (1984), Screamers (1995), and I, Robot (2004). Why? Because robots operate on autopilot and are not constrained by human limitations: the need for food, water, or sleep. This is what makes malware so effective, and this is what makes malware so frightening.
Does malware sleep?
In Skyhigh’s recent findings, we discovered that malware activity occurred consistently regardless of the time of day, and was actually 118% more active at night when employees are sleeping. The data, which was normalized across time zones, shows that 2,157 malware incidents occurred during non-working hours (8pm – 8am) as opposed to the 987 malware incidents that occurred during working hours (8am – 8pm). This underlies the need for security teams to be able to continuously monitor behavior, regardless of when it happens.
Hacking as a full-time job
The benefit of monitoring behavior extends to human-led activities as well. As FireEye’s recent findings confirmed, hackers in China had mobilized as part of the People’s Liberation Army Unit 61398 and were actively targeting U.S.-based companies. The members of this highly-specialized operations unit stood out because, based on Dynamic DNS data captured by FireEye, they were highly consistent. They worked approximately from 8am to 5pm – highly typical of a person’s normal workday. Furthermore, 98% of the connections occurred Monday through Friday. (Even hackers get the weekend off.)
Though they were not mindless drones working around the clock, these hackers acted as a highly organized force; according to FireEye, the team consisted of specialized workers who had assigned roles to play (from the coders working on intrusion, to the sniffers collecting data once the target is breached). These operations were more thought-out and more tightly orchestrated than the activities of an amateur hacker poking around. They show an alarming amount of efficiency and focus.
The importance of continuous monitoring
These observations – both of non-human and human hacking – show that malicious activity has become more sophisticated. The line between bot and human becomes blurred as both parties show a machine-like dedication to infiltrating their target companies. Working to avoid detection while compromising as many systems as they can, these hackers literally treat intrusion as a full-time job. Except in this case, their salaries are made from the backs of the companies who are the unknowing victims. These findings illustrate the importance of real-time alerts and close monitoring, because the frequency and timing of the attack may not be so intuitive.
To see all of the data and discover more interesting facts about today’s enterprise cloud usage and risk, download the full Q2 Cloud Adoption and Risk Report below.