Holiday Cyber Attacks: What You Need To Know

Introduction

The upcoming holiday season marks, for many, the "most wonderful time of the year," and all around the globe, people have their minds on getting ready to travel for the holidays, potentially leaving their critical infrastructure unsupported. This is especially true for the United States, which gets into the holiday spirit in early October to prepare for Halloween. Unfortunately, at the same time, cybercriminals are also preparing their schemes. Cybercriminals tend to be more active during all holidays across the calendar, but the end of the year holiday season is when they are the most aggressive in pushing their malicious agendas.

Previous Holiday Cyberattacks

The Cybersecurity & Infrastructure Security Agency (CISA) reports that cybercrime escalates significantly during the holidays, inflating your organization's chances of falling victim to a cyberattack as you spend time away from work. 

An example of holiday hacking was in early October (2022), just as America was preparing for Halloween festivities, when cybercriminals, suspected to originate from Russia, attacked some of America's largest airports' websites. These "denial of service" website attacks began around three in the morning when the LaGuardia Airport system took the first hit. Other major airports, including Denver International Airport and Los Angeles International Airport (LAX), were hit following LaGuardia. Luckily, none of the systems targeted handle air traffic control, internal communications, or security. 

Holiday hacking is not limited to Christmas. Some other examples of holiday breaches in the United States include:

• Colonial Pipeline: Just before Mother's Day Weekend
• Kaseya: Fourth of July weekend
• Los Angeles United School District: Labor Day Weekend
• Baltimore County Public Schools System: Day Before Thanksgiving
• Albany International Airport: Christmas Holiday Period
• Sony and Microsoft: Christmas Eve
• Impresa: New Year's Day

Weaknesses at the User Level

The top reason organizations become infected with malicious software is user error, primarily social engineering attacks like phishing. Threat actors take advantage of individuals and persuade them into opening malicious links or files, opening the door for cyber threats like ransomware to infect your network. 

Outside of phishing, a massive threat to your organization is careless employees, employees that are untrained in cybersecurity practices, or an unfortunate mix of both. Having employees on staff still in training is one thing but leaving them in charge of your organization's infrastructure during holidays while senior staff takes time off can lead to an improper response to a security breach. 

What Needs to Happen?

Threat actors are very much aware that fewer employees are available during the holidays, leaving your infrastructure more vulnerable with less employees to mind the shop. It is vital to have a plan put into place to prepare for cyber threats and promptly respond to attacks. You will need to create a plan to mitigate as many warning signs of malware as possible before your staff take off for the holidays, monitor your system with limited staff, and react to any cyberattacks. 

Holiday Security Tips:

• Train employees in cybersecurity and phishing awareness.
  User error is the number one cause for malware attacks, resulting from malicious links being opened or malicious documents being downloaded. Your employees should undergo an annual social engineering training.
  
  
• Assess possible threats in your systems, including scanning and patching software, as much as possible.
  Taking care of as many of these risks and deploying patches as available will assist in securing your organization, protecting it from exploits, while under limited supervision during the holidays.

• Control who has access to your systems.
  To protect your systems, network, and endpoints, implement a strategy to restrict access to data stores and applications, allowing only the team members in-office that need access. Take into account restricting user access levels, admin rights, and privileged access.

• Protect your network
  Firewalls on your network can make a strong defense strategy, but they are not guaranteed to protect against every cyberattack. To fully defend your organization and its endpoints, your organization should implement a solution that acts as a firewall at the endpoint level in addition to the network firewall. This endpoint firewall should block applications and endpoints from communicating with others unless specifically allowed. Preventing malicious software from sharing code or scripted instructions from spreading.  

Conclusion

Ransomware is not to be taken lightly. Even if you do pay the demanded ransom, your organization may end up falling into the 92% of those who pay but recover none of their data. You will need to take the extra measures necessary outside of safe practices and workplace policies. So, aside from the security practices provided above, you should add technical controls to your security strategy. ThreatLocker's endpoint security platform utilizes a zero-trust posture to offer a unified and policy-based approach to protect users, devices, and networks from modern-day cyber threats, making it a powerful addition to your security stack.

Allowlisting blocks all unapproved software, including ransomware, from executing. If you have not approved an application, code, or script, the malware will not be allowed to execute and harm your organization. Additionally, ThreatLocker Network Control gives you total control over all network traffic, which ultimately helps you protect your organization from outside threats when you have a smaller team during the holidays. Using custom-built policies, you can allow granular access to your network, keeping threat actors out. 

‍

Ready to add ThreatLocker to your holiday wishlist? 

Reach out to the Cyber Hero Team today!

‍