I first noticed and began planning for seasonal effects in cyber activities back in the early nineties. In those days I was defending the networks of Sun Microsystems, worldwide; but the major source of seasonal surges was close to home.
We could depend on a bump in the rate of both attacks and vulnerability disclosures as soon as high schools in the U.S. let out for summer vacation. The increase started at the end of June, peaked in late July, tailed off in August, and dropped like a stone in early September. Later in the year we would see another intense peak around Christmas, lasting through the New Year’s Day holiday. There was often a perceptible rise over Easter week as well.
A Shift to Steady State of Attacks
These days I still sense a rhythm, but the periodicity signals seem attenuated. I have been wondering why. Muted? Masked?
One factor, I am now convinced, is a move to a steady state of attacks, a constant drizzle —with occasional downpours, like the concerted attacks against the U.S. financial community in the fall of 2012 . Oh, you would like evidence?
The best source of monthly cyber incident statistics I am aware of is Hackmageddon.com,  a personal site run by Italian researcher Paolo Passeri.
Take a look at Paolo’s chart of incident reports over the last three years for which he has counts.
Do you see the same damping  year-over-year that I do? Fewer ups and down, just as (ahem) I expected.
(By the way, I choose to discount the decrease he shows in absolute counts as the effect of subjective changes in the threshold of what makes an incident newsworthy. I don’t think the sheer number of attacks is going down.)
Now the second-order question: How come? A second chart from Paolo opened my eyes.
The conclusion I draw, both from my experience and Paolo’s less subjective statistics, is that crime-related cyber attacks have increased so much over the past few years that they now dominate the attack counts. Cyber attack is an industry now — estimates vary, but criminals are raking in at least $1B a year  — and that has steadied out the attack rhythms.
I still get nervous over the Christmas holidays, and always recommend amplified monitoring (and no letup in coverage) over that period to my clients. You, too?
Sources and Resources
 Siobhan Gorman, Wall Street Journal, Iran Renews Internet Attacks on U.S. Banks October 17, 2012. http://www.wsj.com/articles/SB10000872396390444592704578063063201649282
 Hackmageddon website, run by Paolo Passeri. He accepts donations via PayPal. If you like his work, send some Euros his way. (I did.)
 “Damping”, if you please, not “dampening”; it’s a virtual drizzle. See Damping, Wikipedia, http://en.wikipedia.org/wiki/Damping. For a contradistinction with “dampening”, see the “Errors in popular usage” section.
 The Register, “’Cybercrime exceeds drug trade’ myth exploded“, 27 Mar 2009, http://www.theregister.co.uk/2009/03/27/cybercrime_mythbusters/
(c) 2015 Tellagraff LLC