Just as Harry and Marv in Home Alone knew that many families would vacation around the holidays and leave their valuables unprotected, cybercriminals and other bad actors capitalize on the same idea. Long weekends, reduced staff due to PTO, and attention that is elsewhere spreading holiday cheer are all reasons for the heightened threat level seen around the holidays. Kevin McCallister got the idea right when he said “This is my house. I have to defend it.”
Why are there more ransomware threats around holidays?
As threats have evolved, there is more time for an attacker to scout out what is on a victim’s network. This has enabled larger ransom demands and given attackers the opportunity to develop deeper knowledge of what the data is worth. Simply knowing what someone might be willing to pay, and how to leverage the threat of data destruction vs. leaking intellectual property, sensitive legal or HR data or other proprietary information, makes for a more compelling demand. More time also gives an attacker the opportunity to leave behind tools for a future attack or to identify vulnerabilities that can be exploited later. Think of this as the difference between a smash and grab from a car and an Ocean’s Eleven style heist with lots of planning and elaborate execution.
The Cybersecurity and Infrastructure Security Agency (CISA) has published multiple alerts and reminders to enhance awareness for long weekends and holidays. Before Labor Day 2021, the FBI and CISA reported increased instances of complex, damaging attacks over holiday weekends earlier in the year (https://us-cert.cisa.gov/ncas/alerts/aa21-243a). Again, coming up to Thanksgiving, a reminder (https://us-cert.cisa.gov/ncas/current-activity/2021/11/22/reminder-critical-infrastructure-stay-vigilant-against-threats) from the same agencies was published to keep these threats top of mind. The reminder outlines other threats and attack vectors that can lead to a breach, including phishing scams, fraudulent sites and interception of unencrypted financial transactions.
Holiday weekend attacks you may have heard of include the Colonial Pipeline hack on Mother’s Day, the JBS meat-packing company attack over Memorial Day and the Kaseya hack around the Fourth of July (https://www.wired.com/story/ransomware-hacks-holidays-weekends/). There are certainly more attacks that received less visibility. Chances are, you know someone who has experienced a breach and ransomware in their business.
What can I do to minimize the threat of a ransomware attack?
While building a zip line to your treehouse, creating a fall hazard with Matchbox cars and tying off paint cans at the top of the stairs may bring some nostalgia, there are recommendations from experts on how to prepare for and prevent an attack.
From CrowdStrike, a leading security provider (https://www.crowdstrike.com/blog/holiday-cyber-warnings-will-echo-across-2021/):
- Establish a proactive threat-hunting process
- Rapidly and consistently patch any internet-accessible infrastructure
- Use strong password rules
- Enforce multi-factor authentication for all users
- Analyze and eliminate excess software
- TRAIN YOUR USERS TO BE CYBERSECURITY AWARE
CISA provides a more technical breakdown of steps for IT security professionals to take (https://us-cert.cisa.gov/ncas/alerts/aa21-243a), including:
- Create and maintain offline, encrypted backups that are regularly tested
- Train users to be aware and not to click suspicious links
- Eliminate Remote Desktop Protocol connections from external sources
- Update and patch all operating systems
- Scan for vulnerabilities
- Use multi-factor authentication on top of strong passwords
- Have an incident response plan
Ransomware attacks are on the rise.
In the first half of 2021, Check Point identified an increase of over 90% from the prior period (https://pages.checkpoint.com/cyber-attack-2021-trends.html), as well as advances in higher-risk triple extortion threats that impact not only the business that is attacked, but its clients and partners as well. Taking precautions to prevent an attack and to minimize impact in the event of an attack is no longer just another wish list item, but an investment that must be made by all businesses.