How to Protect Against Cybersecurity Threats This Holiday Season

How to Protect Against Cybersecurity Threats This Holiday Season

How to Protect Against Cybersecurity Threats This Holiday Season

image

The holidays can be a magical time. From Thanksgiving through December each year, there are more reasons to meet friends and family for cocktails or cozy nights in, share time-tested recipes, or tune into any great number of holiday flicks (Love, Actually, Die Hard, The Ref – choose your adventure). And whether you do it online or in-person, there’s shopping, shopping, and more shopping.

Unfortunately, though, the holidays can be magical for threat actors, too.

With so many of us stepping away from our day-to-day responsibilities, CIOs and CISOs must ask themselves, “Who's minding the store?” And if it’s not immediately obvious, ‘the store’ in this metaphor is your IT environment.

The most wonderful time of the year… for cyber attackers

Generally, the holidays mean many desks are empty. Computer systems are often unattended and security operations centers are short-staffed with fewer eyes on the storefront. The result? Businesses and organizations are more vulnerable to cyberattacks.

Additionally, 2022 witnessed mass layoffs, leaving companies short-staffed. Compound that with an infosec talent shortage and the usual stress and burnout, and you’ve got a recipe for oversight and human error.

In a study conducted by Cybereason, a whopping 70% of respondents actually admitted to having been intoxicated when responding to a ransomware incident over the holidays. But a cyberattack probably isn’t the best time to test your Ballmer peak.

Of course, malware attacks are rampant year-round, but they increase significantly over the holiday season. In fact, according to Cisco’s 2021 Cybersecurity Threat Trends report, phishing attacks historically spike around holiday times, reporting a peak of 52% in December. Additionally, lucrative malware campaigns like ransomware show no signs of slowing down.

Also in 2021, Darktrace reported a 30% increase globally in the average number of attempted ransomware attacks over the holiday season from 2018 to 2020 compared to the monthly average, and a 70% increase in attempted ransomware attacks in November and December compared to January and February.

Companies suffering from a ransomware outbreak could suffer extreme losses in revenue from downtime, crippled operations, and possibly even fatal consequences in the healthcare vertical.

Clearly, the holidays have a very different meaning if you’re a cybercriminal or hacking group – mainly, this time of year equals opportunity.

Common cybersecurity threats during the holidays

A common approach cyber criminals use to discover who to attack is through "out-of-office" automatic email responses. They may start with a "spray and pray approach," sending out thousands of emails en masse and then parsing the rich information of the out-of-office message. These messages may indicate the following data points:

  • Who is on PTO

  • When staff will return

  • Staff phone numbers

  • Emergency contacts

That's a treasure trove of information for hackers.

Plus, there are additional cybersecurity and safety issues to keep in mind having to do with – you guessed it – human behavior.

With the onset of the holiday season, many of us have increased our online activities: booking flights, shopping for gifts, etc. Though these activities are not innately malicious, they give additional fodder to cybercriminals looking to social engineer end users to click and download their malicious payloads.

A prime example? You’re likely expecting packages or messages from relatives. So an attacker could easily create spear-phishing emails to emulate a FedEx or UPS package tracking number or mass-sent holiday "greeting cards."

During such a busy shopping season, it’s likely more people click on email links or promotional discount ads. As a result, there’s usually a large spike in email phishing over the holidays.

A look at recent holiday cyberattacks - 2022

Here are just a few recent examples of major attacks that occurred during or close to a holiday:

Cybersecurity best practices for holidays and weekends

Last year, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint ransomware awareness advisory specific to looming holiday threats.

While CISA and the FBI don’t currently have specific threat reporting indicating a cyberattack will occur over the upcoming holidays, they did prepare a list of best practices for orgs to help address the risk posed by all cyber threats, including ransomware.

The list is extensive, so we reviewed it and pulled out highlights to prioritize as you prep for the holidays:

  • Schedule security employees to be "on call" during holidays

  • Educate end users throughout the year, but especially during the holidays, to not click on suspicious links or fall to social engineering tactics via spear phishing attempts

  • Provide generic out-of-office messages for external recipients, or restrict automatic responses to internal contacts, if possible

  • Make and maintain offline, encrypted backups of data and regularly test backups

  • Raise awareness among users about the risks involved in visiting malicious websites or opening malicious attachments

  • Limit access to resources over internal networks, especially by restricting remote desktop protocols (RDP) and using virtual desktop infrastructure

  • Review the security posture of third-party vendors and those interconnected with your organization

  • Replace software and operating systems that are EOL/EOS to currently supported versions

  • Regularly patch and update software to the latest available versions

  • Use a centralized and automated patch management system

  • Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices

  • Ensure strong passwords that are not reused across multiple accounts or stored on a system where an adversary may have access

  • Implement multi-factor authentication (MFA) for all services, particularly for remote access, VPNs, and accounts that access critical systems

  • Regularly audit administrative user accounts and configure access controls under the principles of least privilege and separation of duties

  • Continuously and actively monitor for ransomware threats over holidays and weekends.

 

BONUS: A few personal cybersecurity hygiene tips

  • Be wary of the too-good-to-be-true and the “your package has arrived” emails, especially if you do not recall ordering anything from a certain vendor or person.

  • Do not reuse passwords. If an attacker compromises one account, they’ll attempt to access other accounts with the same credentials.

  • Do not overshare your personal information on social media. You’d be surprised how often people provide their exact locations, itineraries, etc on a public forum.

  • Do not click on tracking number links for unexpected emails. Simply hover over the link to see where it directs. It is easy to go on autopilot and click all package links during the holidays.

  • A good rule of thumb is never to give out any information on inbound communications. When in doubt, reach out to the company/service/vendor directly via a verified phone number, online chat, or email on their website.

  • Trust your gut; if it seems weird, it probably is.

  • When possible, always enable 2-factor authentication on all your accounts. Even if an attacker gains access to your account credentials, you will have an additional layer of security.

  • Don't leave your devices unlocked when you have company over. Kids (and pets) are curious creatures.

     

 
 

 

For more intel, review these resources to prepare for a safer holiday season:

By following the cybersecurity best practices from the FBI and CISA and digging into the additional resources provided here, you can reduce your risk of exposure and feel just a little bit better about taking that well-deserved time off.

 


We provides a 100% CloudNative IT Endpoint operations platform for modern organizations. As a comprehensive EndPointManagement Platform, it has advanced SoftwareManagement for PatchManagement, Adding, Removing, and Updating Software, Changing and Configure Settings along with PolicyManagement on any device or operating system located anywhere in the world and at any time. With the push of a button, ITAdministartors can fix CriticalVulnerabilities faster, slash cost and complexity, and win back hours in the day.If you want to know more kindly Click here

© 2023 SRC Cyber Solutions LLP. All Rights Reserved.