The Holiday Season Is Approaching: Are Cyber Attacks More or Less Likely?

The Federal Bureau of Investigation (FBI) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) recently warned organizations to stay vigilant against cyberattacks on holidays.

The agencies stated that they have "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends — when offices are normally closed — in the United States, as recently as the Fourth of July holiday in 2021."

According to the head of Cybersecurity Strategy at VMware, cybercriminals are "well aware" that organizations task "skeleton crews" with protecting their networks during weekends, holidays, and major events like the Super Bowl.

An affiliate of the "REvil" cyber gang committed the largest ransomware attack in history against the software company Kaseya at the beginning of the Fourth of July holiday weekend.

Similarly, Russian-associated cyber criminals attacked the meat processor JBS with ransomware on Memorial Day weekend, which led the organization to pay an $11 million ransom.

Colonial Pipeline paid a $4.4 million ransom after DarkSide forced it to shut down operations in a ransomware attack preceding Mother's Day weekend. The FBI later recovered $2.3 million of the ransom from the Russian-based hacking group.

Following that incident, the Transportation Security Administration (TSA) began requiring pipeline owners and operators to designate "a 24/7, always available cybersecurity coordinator," such as a chief security officer, who can coordinate with the TSA and CISA if a cyberattack occurs on a weekend or holiday. However, many other critical infrastructure sectors do not have such a mandate.

The joint advisory also stated that the ransomware gangs most frequently reported to the FBI during Aug. 2021 were Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crysis/Dharma/Phobos.

The FBI and CISA recommend that organizations back up data offline, avoid clicking on suspicious links, update their software, and use strong passwords and multi-factor authentication to protect their networks. Nicole Sganga, "Feds warn organizations not to take a cyber vacation after high-profile hacking on holidays," cbsnews.com (Sep. 1, 2021).

Commentary

Organizations should modify their cybersecurity plan to make sure that their network stays secure at all times, including holidays and weekends.

Implement technological protections to monitor your network for suspicious activity. At least one IT employee must be on-call on holidays and weekends to respond immediately if your system detects a possible breach.

Remind employees to follow cybersecurity best practices at all times, including on the weekend and when on vacation. Stress the importance of only using an encrypted, secure internet connection if they must log into the network when away from the office.
