Hackers Don't Take Vacation - Calyx IT

Hackers Don’t Take Holidays

Just as Harry and Marv in Home Alone knew that many families would vacation around the holidays and leave their valuables unprotected, cybercriminals and other bad actors capitalize on the same idea. Long weekends, reduced staffing due to PTO, and attention diverted to spreading holiday cheer all contribute to the elevated threat level seen around the holidays. Kevin McCallister got the idea right when he said, “This is my house. I have to defend it.”

Why are there more ransomware threats around holidays?

As threats have evolved, attackers have gained more time to scout out what is on a victim’s network. This has enabled larger ransom demands and given attackers the opportunity to develop deeper knowledge of what the data is worth. Simply knowing what someone might be willing to pay, and how to leverage the threat of data destruction vs. leaking intellectual property, sensitive legal or HR data, or other proprietary information, makes for a more compelling demand. More time also affords the opportunity to leave behind tools for a future attack or to identify vulnerabilities that can be exploited later. Think of this as the difference between a smash and grab from a car and an Ocean’s Eleven style heist with lots of planning and elaborate execution.

The Cybersecurity and Infrastructure Security Agency (CISA) has published multiple alerts and reminders to raise awareness ahead of long weekends and holidays. Before Labor Day 2021, the FBI and CISA reported increased instances of complex, damaging attacks over holiday weekends earlier in the year. Ahead of Thanksgiving, the same agencies published a reminder to keep these threats top of mind. The reminder outlines other threats and attack vectors that can lead to a breach, including phishing scams, fraudulent sites and the interception of unencrypted financial transactions.

Holiday weekend attacks you may have heard of include the Colonial Pipeline hack on Mother’s Day, the JBS meat-packing company attack over Memorial Day and the Kaseya hack around the Fourth of July. There are certainly more attacks that received less visibility. Chances are, you know someone who has experienced a breach and ransomware in their business.

What can I do to minimize the threat of a ransomware attack?

While building a zip line to your treehouse, creating a fall hazard with Matchbox cars and tying off paint cans at the top of the stairs may bring some nostalgia, experts offer more practical recommendations on how to prepare for and prevent an attack:

  • Be proactive in your threat detection.
  • Regularly patch all of your internet-accessible infrastructure.
  • Implement strong password guidelines.
  • Enforce multi-factor authentication. 
  • Eliminate any excess software.
  • Train your users to be aware of cybersecurity threats.

CISA provides a more technical breakdown of steps for IT security professionals to take, including:

  • Creating and maintaining offline, encrypted backups that are regularly tested.
  • Training users to be aware and not click suspicious links.
  • Eliminating remote desktop protocol connections from external sources.
  • Updating and patching all operating systems.
  • Scanning for vulnerabilities.
  • Using multi-factor authentication on top of strong passwords.
  • Having an incident response plan.

Ransomware attacks are on the rise.

In 2024 there was a 30 percent increase in cyberattacks year-over-year. Cyberattacks are growing due to advancing technology such as AI and machine learning. Taking precautions to prevent an attack, and to minimize the impact if one occurs, is no longer just another wishlist item but an investment that must be made by all businesses.

Ed Grauel - Calyx IT

Ed Grauel, president, enjoys turning visions into reality. He believes the best clients are the ones who share their vision of success with Calyx, and let us participate in achieving it.