Why do attacks increase over the holidays?
In a joint cybersecurity advisory, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warn that cyberattacks increase significantly during the holidays and encourage businesses to be aware of the heightened risks and be vigilant with network defenses.
Like weekends, cybercriminals target the US specifically during holidays because it’s a busy time of year and employees are often distracted, leaving companies vulnerable to attack. With business slowing, people on vacation and kids out of school, it’s not surprising that employees across the board pay less attention to security. Threat actors know this and aim to take advantage.
Popular attack types
Email is one of the most common attack vectors, and phishing email attacks are even more widespread during the holidays. Since there is a significant uptick in online shopping, threat actors will target victims with phishing emails disguised as shipping updates or tracking information that victims are much more likely to click.
Due to employee distraction, external exploitation has a higher chance of success. There is a window of exploitation from the vulernability discovery time until it is patched in which threat actors can weaponize it. During the holidays, this window becomes larger because security engineers operate slower and often in reduced numbers with team members being out of the office.
What should companies do to prepare?
Implementing basic cyber hygiene is always critical to prevent attacks. Basic cyber hygiene includes, but is not limited to, keeping operating systems and software up to date, scanning for vulnerabilities, utilizing strong passwords and a password manager and enabling multifactor authentication (MFA).
Blue Team Alpha recommends that companies start protecting their networks, beginning with Implementation Group 1 in the Center for Internet Security’s (CIS) Critical Security Controls version 8. This guide contains “essential cyber hygiene” actions that every company should have in place to defend against cyberattacks.
Have an incident response plan in place
Incident response plans should be thorough, ready to deploy and not dependent on a particular person to avoid singular points of failure if that person is out during an attack. All employees should know their role in the event of an incident and who to call.
Tighten email security
Since email is the most common attack vector, all employees should be refreshed on how to identify and report phishing emails. Be aware of any email that seems abnormal, even if it comes from a trusted source. When in doubt, contact the sender by other means to confirm the email’s legitimacy. The same applies to voice phishing calls, too.
Implementing domain allow listing is another way to protect from phishing emails. While not foolproof, this means that emails going to the inboxes of top executives are preapproved to limit the likelihood of phishing emails getting through to them.
Ensure security teams plan around the increased risk
Security and IT teams need to be on high alert during this time of year and should plan their travel around it. By doing this, teams will be able to maintain a high level of network security, see malicious activity sooner and respond faster. This limits the risk of a successful attack and can lower the impact of an attack if one does happen.
Engage in preemptive threat hunting
Threat hunting is a proactive strategy that seeks out evidence of a threat actor in the network before an attack. Cybercriminals can exist on a victim’s network for a while before acting. Threat hunting utilizes behavior-based analytics to identify abnormalities and trigger alerts.