Holidays have become open season for cyberattacks. Only recently has the holiday window become an opportunity for malicious actors to exploit security gaps and take advantage of workforce vulnerability. Within the last year, a survey of 1206 cybersecurity professionals by Cybereason (a Boston-based cybersecurity firm) revealed that organizations had experienced a ransomware attack during a holiday or weekend.
The most striking incident took place during the Fourth of July weekend, when a Russian-based ransomware-as-a-service (RaaS) group launched a cyberattack against third-party vendors of Kaseya. The breach ended up affecting 1,500 businesses, and the attackers demanded a ransom of $70 million. In one year alone, the volume of monthly bot attacks on retail sites increased 13% compared to 2020. Further investigation shows that 57% of all attacks recorded on e-commerce websites in 2021 were carried out by bots.
Here are a few more recent attacks that happened during holidays:
- Christmas 2020: A Russian-backed cybergang released critical data from the United States military and private organizations in the SolarWinds hack.
- Memorial Day Weekend 2021: The same Russian group tried sending phishing emails to hundreds of companies, though the attack is considered a failure.
- Colonial Pipeline paid $4.4 million in ransom to the DarkSide group after being forced to shut down its operations during Mother’s Day weekend.
Following the surge of such cases during the Labour Day weekend this year, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory warning.
The holiday season is already a tough spot for retailers and has become a nightmare as global supply chain conditions worsen. The trends suggest an increase in the frequency of distributed denial of service (DDoS) attacks, credential stuffing, and other malicious bot activity against retailers. By evading simple defenses, sophisticated bots are able to take over accounts, commit fraud, and carry out denial-of-inventory attacks, making it difficult for customers and businesses to operate.
“Ransomware attackers don’t take time off for holidays. The most disruptive ransomware attacks in 2021 have occurred over weekends and during major holidays when attackers know they have the advantage over targeted organizations,” said the CEO and co-founder of Cybereason, Lior Div.
What exacerbates the situation is the widening gap in cybersecurity employment. According to Cyber Seek and the trade group CompTIA, there are nearly 500,000 vacancies for cybersecurity jobs in the United States alone.
How to prepare during holidays
Implement effective Anti-Virus
Having a simple, effective antivirus in place has often prevented attacks at the initial stages. There are many good products available that can help prevent malicious bot and DDoS attacks. Having an antivirus is the first step towards securing business assets.
Maintain Network Traffic
It is always advised to analyze DNS logs for managing network traffic as they provide you with huge amounts of data, intel, and insights into how your network is working and behaving. Knowing the traffic flow helps detect and report any inconsistencies.
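One way to apply this to holiday coverage, as an added example that is not part of the original article: the Python sketch below reads DNS query records and reports names that were looked up only on weekends or holidays and never on a business day. The log format, the sample records, the holiday calendar and the function names are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date, datetime

# Constructed sample log, one query per line: "<ISO timestamp> <client> <name>"
SAMPLE_LOG = """\
2021-07-01T09:12:03 10.0.0.5 mail.example.com
2021-07-01T09:15:40 10.0.0.5 intranet.example.com
2021-07-02T14:02:11 10.0.0.7 mail.example.com
2021-07-02T16:45:00 10.0.0.7 updates.example.net
2021-07-03T02:10:09 10.0.0.7 mail.example.com
2021-07-04T03:14:15 10.0.0.7 a1b2c3.example.org
2021-07-04T03:14:45 10.0.0.7 a1b2c3.example.org
2021-07-04T03:15:15 10.0.0.7 a1b2c3.example.org
2021-07-05T03:20:00 10.0.0.5 d4e5f6.example.org
malformed line
"""
HOLIDAYS = {date(2021, 7, 5)}  # assumed holiday calendar (observed July 4th)

def parse(line):
    """Return (timestamp, client, name) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2].lower().rstrip(".")

def quiet_day_new_names(log_text, holidays, min_queries=1):
    """Names queried on weekends/holidays that no client queried on a business day."""
    baseline, quiet = set(), Counter()
    for rec in map(parse, log_text.splitlines()):
        if rec is None:
            continue
        ts, client, name = rec
        if ts.weekday() >= 5 or ts.date() in holidays:
            quiet[(client, name)] += 1
        else:
            baseline.add(name)
    hits = [(c, n, k) for (c, n), k in quiet.items()
            if n not in baseline and k >= min_queries]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))

if __name__ == "__main__":
    for client, name, count in quiet_day_new_names(SAMPLE_LOG, HOLIDAYS):
        print(f"{client} queried {name} {count}x on a weekend/holiday only")
```

A hit is a lead for review rather than proof of compromise, and the business-day baseline should cover several weeks of normal traffic before the results are trusted.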
Keep Patching
Security patches are often overlooked and the processes delayed. Processes must be in place to apply security patches as soon as they are available, and organizations must execute them promptly. Regularly updating the software and applications in use builds the strength and security of your system.
Instill Incident Response
Since you can still be attacked even with everything in place, having a practiced plan and processes ready ahead of a cyber incident keeps you on alert. It improves your organization's ability to deal with an incident properly and ensures that the organization can respond effectively if an attack takes place during the holiday weekend.
86% of respondents (cybersecurity defenders) reported missing holidays and returning to work in the wake of a cyber incident, and admitted that they were responding on a weekend or a holiday. This is certainly a risk factor that many businesses and recovery plans do not take into consideration when preparing for such situations. It is a concern that malicious attackers will certainly take advantage of this holiday season.
Ransomware attackers often take advantage of relatively minor security lapses. It is in these minor gaps that they thrive. It is rarely one big mistake but a series of small errors that leads to a cyberattack. And it's time to address the social engineering used to deceive and manipulate businesses. Organizations that have taken preparedness measures are less likely to suffer a cyberattack than those not taking a proactive approach.

