CypherCon 2024

Holiday Cybersecurity Realities: Challenging Narratives and Unveiling Threats

Olivier Bilodeau


Cybersecurity conversations on social media show a consensus concerning an increase in risks of being victims of cybercrime during the Holiday season. Notably, security researchers at Darktrace have identified a disconcerting pattern, citing a 30% upsurge in the average number of attempted ransomware attacks globally during the Holiday season from 2018 to 2020, in contrast to the monthly average.
Remote Desktop Protocol (RDP) is known to be a significant attack vector for ransomware groups, underscoring the importance of fortifying its access. While the prevailing narrative advocates caution, it is important to challenge the notion that the Holiday seasons inherently serves as a breeding ground for malicious actors exploiting potential vulnerabilities amidst security teams operating at diminished capacity. To validate organization concerns, we examined brute-force attacks on our RDP honeypots during weekends and during the 2022 and 2023 Holiday seasons, providing valuable insights into the real-world threats faced by organizations during those critical periods. The data analyzed consists in 27.2 million adversaries’ login attempts on RDP in the last 2 years. Are we biased when we say there are more attacks during the Holiday season? What does the data tell us?

Importance: This data-driven approach provides evidence that there is no substantiated increase in cyber threats during the Holiday season. We aim to foster a more informed perspective, emphasizing that the perceived urgency for cybersecurity products during this period may be unfounded. It is our hope that this research contributes to a more nuanced understanding, allowing organizations to allocate resources judiciously based on actual threats rather than perceived seasonal trends.

Olivier Bilodeau


 Olivier Bilodeau leads the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, he enjoys luring malware operators into his traps and writing tools for malware research. Olivier is a passionate communicator having spoken at several conferences including BlackHat USA/Europe, Defcon, Botconf, Derbycon, and HackFest. Invested in his community, he co-founded MontréHack, is the President of NorthSec and hosts its Hacker Jeopardy.