Two separate reports out this morning indicate a decline in the volume of spam and phishing attacks, reflecting an unusual lull in security threats during the dog days of summer. While security researchers are at a loss for the reason behind this drop-off, the folks at Tufin Technologies seem to have the most reasonable and logical answer: Hackers take vacation, too.

IBM's X-Force research team released a report this morning showing a steep decline in the volume of phishing attacks as a percentage of spam. For the first half of 2009, phishing accounted for just 0.1 percent of spam; for the same period in 2008, the volume was 0.2 percent to 0.8 percent.

MX Logic, the managed security services company recently acquired by McAfee, noted in its September threat forecast report that it also measured a slight decline in overall spam volume but anticipates a strong rebound in September and the winter holidays.
While the IBM X-Force crew speculates that a combination of better user awareness, improvements in security software and a shift toward more effective data thievery techniques probably explains the phenomenon, the MX Logic threat forecast reflects the findings of a survey conducted by Tufin, a firewall management vendor.

At the annual Def Con conference, Tufin surveyed 79 of the green-haired, black T-shirt wearing crowd on their activities and habits. Eight out of 10 said they are more active during the winter holidays than any other time of the year. So, just as retailers make most of their annual revenue between Thanksgiving and Christmas, hackers seem to favor the heavy online shopping period between Cyber Monday (the big online shopping day on the first Monday following Thanksgiving) and Christmas Eve.

Dean Turner, director of Symantec's global intelligence network, concurred with the trends noted by IBM and MX Logic, but echoed an explanation that reflects Tufin's survey finds. He told the Associated Press that the holidays are when Symantec sees more phishing, spam and hacker activity.

Common among these reports, though, is an increase in new vectors of attack and the lures hackers are using to dupe users into giving up valuable information. IBM says it's seen an increasing number of Trojans and rogue software that steal personal and sensitive information. MX Logic says hacktivisms—the use of hacking techniques in political causes—are increasing in parallel to the health care reform debate; health care reform, they say, could be manipulated into new spam and phishing attacks.

Three things to read between the lines here. First, hackers know when the best time is to target unassuming Internet users and insecure businesses. Second, they're getting more creative in the approach they're taking to attack or subvert their targets. Third, expect a surge in security distress calls following the Labor Day weekend.