
Do Hackers Take the Holidays Off?



I was talking last week with Shawn Graham, a reporter at Fast Company, and he asked a simple but interesting question: do hackers take the holidays off?

CloudFlare sees traffic for hundreds of thousands of websites, so we were able to answer that question by looking at the average percentage of requests that constitute threats, graphing the deviation, and then overlaying any events happening on those days. The answer to whether hackers take holidays off: it depends on the holiday. Shawn wrote a great piece using our data for his publication, but we wanted to highlight what we found here as well.

What's Normal?

Looking at the hundreds of billions of requests that CloudFlare has received over the last year, approximately 15% of them were some sort of threat. The percentage ranges depending on the size of the site, but the deviation is less than we would have guessed. The majority of these attacks are automated bots scraping for emails or scanning for vulnerabilities.

[Graph: Do Hackers Take the Holidays Off?]

As the graph above shows, the percentage of requests that are attacks varies from a low of about 5 percent to a high of almost 25 percent. Some of the swings depend on the day of the week. For example, Saturday is a relatively low day for legitimate web traffic, but a relatively high day for attacks, so the percentage of threat traffic generally ticks up on Saturdays.

Hacker Holidays

After we plotted the percentage of threat traffic, we mapped it to a calendar of major holidays around the world. Generally, the major holidays in the United States from May through November did not see a drop in traffic. In fact, holidays like Halloween, Veterans' Day, and Mother's Day saw spikes in threat traffic. The biggest drops in attack traffic occurred around the start of the summer holiday season (August 1) and during Golden Week, the national Chinese holiday.
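The comparison described above can be sketched as follows. This is an added example, not CloudFlare's code or data: the request counts, dates and holiday names are constructed. It measures each holiday's threat percentage against the normal level for that day of the week, so the routine Saturday uptick is not mistaken for a holiday spike.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean

def threat_pct(total, threats):
    """Share of requests classified as threats, in percent."""
    return 100.0 * threats / total

def holiday_deviations(daily, holidays):
    """daily: {date: (total_requests, threat_requests)}; holidays: {date: name}.
    Returns {name: (naive, adjusted)} in percentage points, where naive is the
    deviation from the all-days average and adjusted is the deviation from the
    average of non-holiday days that fall on the same weekday."""
    pct = {d: threat_pct(*counts) for d, counts in daily.items()}
    normal = {d: p for d, p in pct.items() if d not in holidays}
    overall = mean(normal.values())
    by_weekday = defaultdict(list)
    for d, p in normal.items():
        by_weekday[d.weekday()].append(p)
    return {
        name: (pct[d] - overall, pct[d] - mean(by_weekday[d.weekday()]))
        for d, name in holidays.items()
    }

def sample_data():
    """Constructed data: four weeks starting on a Monday. Saturdays carry less
    legitimate traffic (20% threats); every other day sits at 15%."""
    start = date(2024, 1, 1)
    daily = {}
    for i in range(28):
        d = start + timedelta(days=i)
        daily[d] = (800, 160) if d.weekday() == 5 else (1000, 150)
    holidays = {
        date(2024, 1, 17): "midweek holiday",   # hypothetical, a Wednesday
        date(2024, 1, 27): "Saturday holiday",  # hypothetical, a Saturday
    }
    daily[date(2024, 1, 17)] = (1000, 80)       # real drop: 8% threats
    return daily, holidays

if __name__ == "__main__":
    for name, (naive, adjusted) in holiday_deviations(*sample_data()).items():
        print(f"{name}: naive {naive:+.2f} pts, weekday-adjusted {adjusted:+.2f} pts")
```

On this constructed data the Saturday holiday looks like a spike of more than four points against the overall average, yet shows no deviation once compared with other Saturdays; the midweek drop survives the adjustment.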

Most of the major attacks that we see originate from China and Eastern Europe, so the holidays could indicate that the European attackers are taking time off for classic summer vacation or Chinese attackers are stepping away from the keyboard to celebrate China's nationhood. That seems like it would indicate the attackers themselves are European or Chinese, but I don't think that's necessarily a valid conclusion to draw.

Bots Take Vacations

Most of the online attacks today use computers compromised by viruses to form a so-called botnet. Computers with unlicensed versions of Windows, or that don't have up-to-date anti-virus software, are particularly susceptible to infection. Eastern Europe and, to an even greater extent, China have a higher-than-average percentage of infected machines. The fact that the attacks originate from these regions doesn't necessarily mean the attackers are there, but rather that the botnets they are using to launch the attacks are.

So what's happening when there are big drops in traffic? It may be that a lot of the compromised computers in China are in offices that are shut down for the Golden Week celebrations. In other words, it could be not that the attackers themselves take the holiday off, but rather that the resources they use to launch attacks aren't as available during certain holidays.

The graph above doesn't show Christmas or New Year's. Last year we saw a run-up in attacks prior to Christmas and then a significant drop-off on Christmas itself, and an even larger drop on New Year's Day. We didn't have the scale last year to draw meaningful conclusions, but we'll be watching carefully this year and report back after we see what happened.


Matthew Prince|@eastdakota
