Though the feds haven't identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.
The Thanksgiving holiday is an occasion for most people in the United States to enjoy time at home with family and friends. But it's also a prime opportunity for cybercriminals to attack, knowing that offices are closed and that security professionals are away from work. An alert issued Monday by the Cybersecurity and Infrastructure Security Agency and the FBI urged organizations to be on guard for ransomware attacks that take advantage of worker downtime during Thanksgiving.
SEE: Security Awareness and Training policy (TechRepublic)
Launching cyberattacks during a holiday or even a weekend is hardly a new strategy for criminals. For example, ransomware attacks have occurred in the past on Independence Day and Mother's Day weekends. But the surge in high-profile ransomware incidents raises more of a red flag than ever.
Citing recent history, CISA and the FBI caution that cybercriminals around the world are eager to disrupt the vital networks and systems of businesses and critical infrastructure. And what better time to strike than Thanksgiving, which is not just a day off for a lot of people but a symbolic event for many Americans?
In the alert, CISA stressed that neither it nor the FBI have identified any specific threats that might occur on or around Thanksgiving. But with or without advanced warning, organizations need to be prepared for attacks designed to take advantage of the holiday.
"The one thing cybercriminals love more than money is attacking during holiday weekends specific to American culture," said James McQuiggan, security awareness advocate for KnowBe4. "Whether it is the July 4th holiday, near Labor Day or especially Thanksgiving, they release their ransomware attacks or other data breach efforts on the few days leading into holiday weekends."
To help your security staff protect your organization from holiday-based ransomware attacks, CISA and the FBI advise you to analyze your existing cybersecurity processes and follow best practices to reduce the risks. More specifically, the agencies offer the following tips:
- Identify IT and security employees who are available weekends and holidays and can act quickly in the event of a ransomware attack or other incident.
- Review your incident response and communication plans so you're aware of the actions to take and the people to contact if an attack occurs.
- Set up multi-factor authentication for remote access and administrative accounts.
- Enforce strong passwords throughout your organization and make sure they're not reused across different accounts and services.
- Ensure that any remote desktop protocol service is secure and monitored.
- Instruct employees to not click on suspicious links in emails and messages.
- Conduct training exercises to raise awareness among your employees.
Further, ransomware attacks are often preceded by some type of scam or ploy designed to gain access to account credentials, vulnerable systems and critical networks. With the holidays in mind, CISA and the FBI advise you to watch out for the following threats:
- Phishing scams, including unsolicited emails that impersonate charitable organizations.
- Phony websites that masquerade as reputable businesses, especially shopping sites that people typically visit during the holidays.
- Unencrypted financial transactions, which are aimed at stealing funds or sensitive financial data.
"Cybercriminals are acutely aware that their targets are much slower to respond to alerts that would otherwise give them away during holidays," said Chris Clements, VP of solutions architecture for Cerberus Sentinel. "Many organizations move to skeleton crews staffed by mostly junior personnel or even completely on-call duties that significantly impact the speed and effectiveness of responding to indicators of compromise. It's no fun, but organizations must make this truth a part of their overall security strategy to ensure that they have adequate capabilities to detect and respond to a cyberattack even during the holidays."
- Ransomware: What IT pros need to know (free PDF) (TechRepublic)
- Ransomware attackers are now using triple extortion tactics (TechRepublic)
- How to prevent another Colonial Pipeline ransomware attack (TechRepublic)
- SolarWinds attack: Cybersecurity experts share lessons learned and how to protect your business (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Hiring Kit: Cybersecurity Engineer (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)