Big data analysis of Cyber activities throughout the month of Ramadan

The month of Ramadan is the holiest month in the Islamic calendar. During this month devoted Muslims spend their days praying and fasting, and all major activities grind to a halt. We set out to explore whether the halt in daily activities would also be reflected in hacking activities emanating from or to targeting Islamic nations.

Using Cytegic DyTATM intelligence platform which gathers, processes and analyzes hundreds of thousands of intelligence feeds on a monthly basis, we were able to identify the following findings (for the full report, please write us at regarding the month of Ramadan 2015:

  • During the period (the ninth month of the Islamic calendar), which started this year on the 17th of June, the “cyber activity” level of Muslim and Arab-affiliated attackers is low compared the previous month
Arab & Muslim Attackers Activity – Based on Geo-Political Regions

Arab & Muslim Attackers Activity – Based on Geo-Political Regions


  • There is a significant drop in activity level right after the Ramadan starts, and specifically in the first Friday of the Ramadan – this year it was June 19th (a significant day for Muslims)


Arab & Muslim Attackers during Ramadan 2015 (from the 17th of June)

Arab & Muslim Attackers during Ramadan 2015 (from the 17th of June)

  • When it comes to analyzing the threat landscape based on Industry – it is interesting to see that Western Europe and the Middle East are very similar – IT, Government and Media leading the scale
  • In the perspective of Assets – in the Middle East and North America, the most targeted asset was Monetary Value (mainly Bank Accounts), followed by Agreements, PII and Services to Clients
  • The top most attack methods used by these attackers during the period were Malware, Email Social Engineering, Botnets and Denial of Servic
  • Non- Muslim attackers (coming from non- Muslim countries) do not show any special “consideration” towards Muslims- their attack patterns against muslim countries remains the same throughout the month of Ramadan.


According to DyTA’s forecasting capabilities, we see that as the month is nearing its end, the activity level returns to heights from the period prior to the Ramadan. This data regarding hacking activities prior to, during and after the month of Ramadan can help organizations prepare for the future. The correlation of the drop of activities and the month of Ramadan suggests that in the year to come, during the next Ramadan, we should see a similar trend and similarly another drop in hacking activities from Muslim and Arab-affiliated hackers.