The Mafia is waking up: why hackers are switching to nighttime cyber attacks
Hackers are increasingly trying to carry out cyber attacks at night in the hope of going unnoticed, experts warn. In particular, Kaspersky Lab specialists have identified a nighttime campaign by the Librarian Ghouls hacker group, which has attacked hundreds of corporate users in Russia since December 2024. Read the Izvestia article to find out why hackers are switching to nighttime cyber attacks, how dangerous this is and how to protect against such threats.
Why are nighttime cyber attacks interesting to hackers?
Cybercriminals attack at night because they expect less oversight from information security teams at that time, Vladimir Stepanov, an expert at the Solar 4RAYS Cyber Threat Research Center (Solar Group), said in an interview with Izvestia. For example, in its ThreatDown report for 2024, Malwarebytes notes an increase in ransomware attacks at night (between 1:00 and 5:00) and during the holidays.
"Attackers operating at night expect their sometimes careless actions to go unnoticed," adds Nikita Sinkevich, incident response expert at Angara SOC. "The presence of an attacker on the network may trigger some kind of information protection device (SPI) or a sudden surge in the load on the resources of the target system or network."
According to Nikita Sinkevich, such events may well go unnoticed by the employees of the attacked organization if the appropriate processes for monitoring and responding to such incidents are not built inside.
As a rule, the actions of criminals become known only in the morning, when the malicious operation has already been completed and the company's data has reached the attackers, says Vitaly Fomin, head of the information security analyst group at the Digital Economy League.
How can hackers use nighttime cyber attacks in 2025?
The tactic of conducting cyber attacks at night and during the holidays will remain popular, Vladimir Stepanov says in an interview with Izvestia. Attackers continue to hope that companies' information security teams will respond less promptly at these times, which will allow them to remain unnoticed longer and carry out attacks with minimal risk of detection.
"Any attack can be more successful if it is carried out at night," says Sergey Polunin, head of the IT infrastructure solutions protection group at Gazinformservice. "This is not a guarantee, but an additional bonus for attackers. For example, it is easier to integrate into supply chains when automatic builds are launched at night. Or, for example, attacking SCADA systems may be more effective when the night shift is weaker and monitoring is less active."
In 2025, the level of cybercrime continues to grow and companies should expect more sophisticated attacks, from infiltration into supply chains to theft of confidential data through phishing sites and messages, adds Vitaly Fomin. In addition, attackers are improving their mechanics with the help of artificial intelligence (AI) technologies, which makes it more difficult to detect malicious activity.
It is possible that attackers will make more active use of adaptive systems to select the optimal attack time, as well as to generate realistic phishing (BEC attacks) and mask traffic, the expert predicts. In turn, Denis Kuvshinov, head of PT ESC's TI department, speaking about nighttime cyber attacks in 2025, notes that their main threats are the theft of confidential data, data encryption followed by a ransom demand for decryption, or data destruction.
"Most often, data is destroyed by hacktivists, who can later write about it in their Telegram channels," says the specialist.
What kind of overnight cyber attacks have experts encountered before?
In their practice, cybersecurity specialists have previously encountered night attacks by the Asian group Space Pirates, says Denis Kuvshinov. According to the expert, in almost all cases the group operated from 12 a.m. to 7-8 a.m. and engaged in espionage: it remained present in the infrastructure (for up to several years) and collected confidential documents or email correspondence.
"We also came across other cases where hackers had compromised the victim long before, then came back to the infrastructure 1-2 months later and carried out mass encryption in order to either destroy the data or demand a ransom for decrypting it," says the Izvestia source.
The history of night attacks includes several rather high-profile incidents, adds Sergey Polunin. For example, the famous attack on the American IT company SolarWinds in 2020 was carried out at night to reduce the likelihood of detection. Another example is the attacks on banks in Southeast Asia: they are attributed to hackers from the Lazarus Group, and they also took place at night.
A separate problem is phishing, which is sent out at night precisely so that people receive it in the morning and inadvertently open and read it, notes Sergey Polunin. Phishing mailings on behalf of large organizations have become one of the most popular tactics of nighttime cyber attacks, adds Vitaly Fomin. Attackers send emails with attachments containing malicious code.
"When the user opens it, a program for remote access to software management is installed on the computer," says the expert. "The purpose of the scammers is to get the accounts of the organization."
The program functions only from 1 a.m. to 5 a.m., when the company's IT specialists cannot detect the well-disguised malware installation, says Vitaly Fomin. After receiving the necessary data, the attackers remove all traces of their presence from the hacked computer, including the program.
How to protect yourself from nighttime cyber attacks by hackers?
As a rule, nighttime cyber attacks are aimed at companies with vulnerable IT infrastructure and insufficient monitoring of activity after hours, says Vitaly Fomin. Government agencies and critical facilities are also at risk: attacks can lead to disruption of management systems and leakage of confidential information, including personal data of citizens.
"The authorities are not always able to respond promptly to threats: there are no round-the-clock shifts for security department employees, and there is not enough experience or funding for monitoring," the source tells Izvestia.
According to Vitaly Fomin, if the company's employees work in different time zones, this may also be a risk factor. Due to the time difference, it may be easier for attackers to attack unprotected workplaces. If software updates or security patches are centrally applied only during standard business hours, computers in other regions remain vulnerable.
In addition, corporations and banks always attract fraudsters, because through them hackers can gain access not only to data but also to financial assets. Protecting against nighttime cyber attacks requires general cybersecurity measures, but applied with the specifics of such attacks in mind, Denis Kuvshinov notes. At night, the response time to incidents can be longer, so it is important to organize round-the-clock monitoring: either create your own SOC shifts, or hire information security vendors.
"Automated threat detection systems (SIEM), multi-factor authentication, regular software updates and data backups also help," the specialist concludes. "This reduces the risk of successful attacks, including data theft or encryption."
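The article describes remote-access software that runs only between 1 a.m. and 5 a.m., and notes that offices in different time zones complicate monitoring. The following Python example is added here and is not from Izvestia or the quoted experts: it evaluates each event in the local time of the site where it occurred and reports hosts whose remote sessions appear only in that night window on several dates. The site names, UTC offsets, host names and event name are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed site offsets (assumption): fixed UTC offsets, no DST.
SITE_UTC_OFFSET = {"msk-office": 3, "vvo-office": 10}
NIGHT_START, NIGHT_END = 1, 5  # local hours: the 01:00-05:00 window named in the article

# Constructed sample events: (UTC timestamp, site, host, event name).
EVENTS = [
    ("2025-03-10T22:40:00", "msk-office", "ws-017", "remote_session_start"),  # 01:40 local
    ("2025-03-11T23:15:00", "msk-office", "ws-017", "remote_session_start"),  # 02:15 local
    ("2025-03-12T22:05:00", "msk-office", "ws-017", "remote_session_start"),  # 01:05 local
    ("2025-03-10T09:30:00", "msk-office", "ws-020", "remote_session_start"),  # 12:30 local
    ("2025-03-11T23:50:00", "msk-office", "ws-020", "remote_session_start"),  # 02:50 local
    ("2025-03-10T16:20:00", "vvo-office", "ws-101", "remote_session_start"),  # 02:20 local
    ("2025-03-11T02:00:00", "vvo-office", "ws-101", "remote_session_start"),  # 12:00 local
]

def local_time(ts_utc, site):
    """Convert a naive UTC timestamp string to the site's local time."""
    tz = timezone(timedelta(hours=SITE_UTC_OFFSET[site]))
    return datetime.fromisoformat(ts_utc).replace(tzinfo=timezone.utc).astimezone(tz)

def in_night_window(ts_utc, site):
    return NIGHT_START <= local_time(ts_utc, site).hour < NIGHT_END

def night_events(events):
    """Every event inside the local night window, for analyst review."""
    return [(host, local_time(ts, site).isoformat())
            for ts, site, host, _event in events if in_night_window(ts, site)]

def night_only_hosts(events, min_nights=3):
    """Hosts active only inside the night window, on at least min_nights dates."""
    nights, daytime = defaultdict(set), set()
    for ts, site, host, _event in events:
        if in_night_window(ts, site):
            nights[host].add(local_time(ts, site).date())
        else:
            daytime.add(host)
    return sorted(h for h, dates in nights.items()
                  if len(dates) >= min_nights and h not in daytime)

if __name__ == "__main__":
    print("night-only hosts:", night_only_hosts(EVENTS))
    for row in night_events(EVENTS):
        print(row)
```

Evaluating the same events in UTC would treat the 16:20 UTC session at the UTC+10 site as afternoon activity, although it happened at 02:20 local time.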