The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI) have warned US businesses about the risk of Ransomware attacks during Thanksgiving and the rest of the holiday season.
Previous years suggest there is a somewhat increased risk of attacks during festive periods, with threat actors taking advantage of complacent businesses relaxing into ‘holiday mode’.
FBI Warns: Don’t Become Complacent During the Holidays
The FBI has released a joint statement with CISA just in time for Black Friday and Thanksgiving weekend, which is expected to be earmarked in the diary of threat actors – although their advice applies to the whole holiday period in general, including Christmas and New Year.
Both organizations were quick to point out that the advisory notice is not linked to inside knowledge about a specific threat actor targeting, say, companies during Thanksgiving, but has instead been released due to a pattern of ‘high-impact” attacks that seem to take place at this time of year.
“Malicious cyber actors have often taken advantage of holidays and weekends to disrupt critical networks and systems belonging to organizations, businesses, and critical infrastructure” – CISA & FBI Advisory Statement.
In the statement, both CISA and the FBI urged companies or organizations that have fallen victim to cyberattacks of all kinds to report it to them directly immediately after it is detected.
‘Tis the Season to Update Your Security Strategy
There are a multitude of reasons for the increased risk and frequency of ransomware attacks – as well as other types of large-scale cyberattacks on businesses – during this period.
Threat actors know, for instance, that an office is much more likely to be closed on the days surrounding Thanksgiving and Christmas, and that IT team numbers will generally be smaller as staff take annual leave.
Hackers and Scammers from other countries study US culture closely, so it's not surprising that they're able to catch out companies and employees ready to switch off for the holiday season.
Considering hackers and scammers' intimate knowledge of the US holiday season, it’s concerning that recent research by BitSight revealed that around 75% of online retail businesses may be at increased risk of a ransomware attack due to subpar TLS/SSL configuration management.
What's more, a global survey of companies (including 500 from the UK) conducted recently by CyberReason found that around a quarter (24%) of companies do not have a specific plan for dealing with cyberattacks during a holiday or weekend period.
The survey also found that 60% of respondents believe it takes longer to assess the scope of an attack if it occurs on the weekend or during the holiday, with the downtime allowing threat actors to embed themselves deeper into the networks they’ve infiltrated.
In the same survey, half of those questioned agreed that it took longer to mount an effective response, and a third (33%) said that holiday or weekend attacks required a much longer recovery period.
A Quick History of Festive-Period Ransomware Attacks
Companies have reason to be concerned too considering the avalanche of cyberattacks and ransomware attempted when people are on holiday en masse.
Winding the clock back to 2011, private intelligence group Stratfor Global Intelligence had its systems broken into on Christmas Eve. 200GB of emails were stolen.
It’s unlikely to simply be a coincidence that a huge cyberattack on Target in 2013 – one that resulted in the credit card information of 40 million Americans being stolen – occurred the day before Thanksgiving.
Gamers were left incensed in 2014 after Christmas DDoS-for-ransom attacks were carried out by a group called Lizard Squad.
A similar attack was carried out 12 months later by an organization called Phantom Squad, with the goal to once again disrupt gamers at Christmas. Meanwhile, Linode, a cloud computing company, was facing barrages of attacks that took its services offline.
More recently, the SolarWinds attack that made national news headlines due to its severity took place in December of last year, just days apart from Christmas – and reared the threat actors behind the assault reared their ugly heads once more in a less successful campaign that took place on Memorial Day.
This year, there’s already been a direct ransomware attack on a US company on Independence day weekend. Florida-based software company Kaseya and hundreds of other companies were targeted by hacking group REvil.
How Can I Protect My Business During The Holiday Season?
The FBI and CISA have put together a few points of advice for companies looking toward the festive season with a watchful eye on their company’s data.
The first bit of advice is to account for this heightened risk of attacks during your Christmas holiday planning. Ensure you have IT staff on hand to help out on important holiday days and have worked out would be available to respond to an attack if it occurred on a date like Christmas Day.
Another vital step that all companies have to take is to institute multi-factor authentication for remote access but also all other platforms or accounts where this is available.
Strong Passwords are also a must for every person in your organization, CISA says – and nowadays, the best practice is to keep them tucked away inside a secure password manager for businesses. As many passwords as possible should be updated before the holiday season in line with strict criteria on things like the number of characters staff should be using
Other recommendations include updating incident response plans and going back over what a suspicious email looks like with staff members.
You can't stop a hacking group from targeting your business, but taking these steps at a bare minimum will increase the chances that you and your company will emerge unscathed.