The daily grind of the traditional working week is not confined to legitimate, legal, employment. The cybercrime industry – much like other sectors such as retail and finance – is typically based around the 9am-5pm Monday to Friday routine, with a short break for weekends.
Of course, there are exceptions, but research published this week (Monday 21 August) from the cybersecurity division of IBM, called "X-Force Kassel", has provided interesting statistical analysis into the weekly workload some of the biggest spam operators in the world.
"Are spam statistics disconnected from human operators who send spam?" pondered IBM expert's Limor Kessem and Mark Usher in a joint blog post.
"While it is true that many spam blasts are automated, there is a lot of work that still goes into each carefully planned campaign," they stated.
The analysis looked at six months of compiled data, from between December 2016 and June 2017.
It studied the main countries where spam originated by tracking senders' IP addresses and, ultimately, was trying to map out a full working week of a cybercriminal.
It found that 83% of all spam was sent during weekdays, with "significant drops on weekends across the different geographies where spam messages originated".
This backed up prior research which suggested that spammers track the business hours of targets.
The reason is simple: victims are more likely to be sitting at their computer during business hours - and especially as the working day comes to an end - will be paying less attention to the content of booby-trapped emails which come laced with malware. All they need is the click.
Over the six month period of the study, the most spam was sent on a Tuesday, followed by Wednesday and Thursday. In terms of a daily routine IBM said hackers often "follow the sun", starting off in Europe before moving on to potential victims in America.
Based on the fresh dataset, the researchers noted that "spammers like to get their sleep at night" even though malicious software and hacking technology – botnets, specifically – can now be used to ensure that the majority of operations continue for 24 hours a day without fault.
The top originator of spam in terms of region – at least in the past six months – was India, followed by China and South America. The Monday to Friday routine changed when looking at Russia, where most spam was sent between Thursday and Saturday – a change in the status quo.
"Studying the trends that move illicit spamming and the mechanisms that enable cybercrime is an essential part of threat intelligence and situational awareness," said Kessem and Usher.
"Nowadays, malware is more sophisticated than ever, and its delivery methods are not falling short," they added. "Spammers and spam botnets launch millions of malicious messages every day, hoping to get through to potential victims [and] infect new endpoints.
"In the past, we've found that spammers are an organised bunch, and they plan their workdays around business hours. The data in our traps confirmed that this trend still holds true."