The holiday season is here, and commercial activity is peaking. But, even as employees prepare to take time off work and celebrate the holidays with family and friends, it doesn’t mean cyber-criminals would take time off too. Cyber-criminals are hyperactive during the festive season, and there is a considerable increase in cyber-attacks during the holidays. DDoS attacks are on the rise as the holiday shopping season begins, for example.
A holiday ransomware attack that stops legitimate customers from shopping or a phishing scam that erodes the brand’s reputation and credibility in the market, or some other vicious attack, is the last thing that organizations want during the holidays.
This article discusses the reasons for seeing an increase in cyber-attacks during the holidays and cybersecurity tips for organizations that can protect themselves from such attacks.
The Curious Case of Increasing Cyber-Attacks During the Holidays
- The pipeline operation company, Colonial Pipeline, was forced to pay a ransom of $4.4m to the Darkside hacker group after a ransomware attack during the Mother’s Day Weekend brought operations to a grinding halt.
- JBS, a meat processing company, paid a ransom of $11m after a Memorial Day weekend ransomware attack sabotaged its operations.
- On the July 4 holiday weekend in 2021, when millions of Americans logged out to spend time with friends and family, one of the most significant ransomware attacks of the year began. It was targeted against Kaseya’s software technology which caused national railway systems, schools, broadcasters, etc. to shut operations as a file-encrypting malware hit them.
- Over the Labor Day weekend, Howard University in Washington DC was taken offline and forced to cancel classes for a week as its network was held hostage by cyber-criminals. The cyber-criminals used phishing emails to gain access to credentials from unsuspecting university network users and used the credentials to orchestrate this holiday ransomware attack.
The Most Common Cyber-Attacks During the Holidays to Be Aware Of
- Ransomware: As amply visible from the incidents mentioned above, holiday ransomware attacks are the biggest concern for organizations. Attackers leverage phishing and social engineering attacks, malware attacks and so on to orchestrate ransomware attacks.
- Phishing attacks: Customers, employees and other users typically have their guard down during the holiday season and fall prey to phishing cyber-attacks during the holiday season. For instance, the attacker may send back-in-stock phishing emails to customers, impersonating a brand and the unsuspecting users end up clicking on malicious links/ ads, downloading malware, making purchases of fraudulent/ banned products or sharing sensitive information with attackers.
- DDoS attacks: Attackers and even competitors leverage DDoS attacks during the holiday season to prevent legitimate users from accessing websites.
- Bot-based site interruptions: Attackers may deploy bots to fill up shopping carts on websites to drive-down inventory and thus, lead to suppression of sales. This cyber-attack is used on occasions starting from Black Friday and Cyber Monday up to Christmas.
Why do Cyber-Attacks Peak During Holidays?
Offices are typically shut or work with skeletal crews during the holidays. Unsupervised systems and IT networks provide easy opportunities and the time for threat actors to lay out their plans and orchestrate cyber-attacks during the holidays.
Since organizations are already overburdened and the holidays are when revenues peak, there is a higher chance of payouts during the holidays. From the customer/user side, they are more likely to have their guard down and fall prey to scams and phishing attacks.
The contingency and incident response plans do not consider the labor shortage and other such challenges during the holidays. A study found that 86% of IT and security personnel had to return to work in the wake of attacks, cutting short their holidays. Additionally, 75% of such professionals admitted to being intoxicated while responding to such attacks. Further, several organizations still do not have the right tools to respond to cyber-incidents, despite having faced at least one attack over the past couple of years.
Holiday Cybersecurity Tips
- A proactive approach to cybersecurity is indispensable. This approach must reflect in your security strategies and control.
- Leverage intelligently automated scanning tools in tandem with intuitive, self-learning, next-gen, managed web application firewall (WAF) equipped with global threat intelligence to proactively identify and secure all kinds of vulnerabilities and flaws before the attackers can gain access to them.
- Choose a comprehensive security solution that provides real-time cyber-attack warnings, actionable insights and security analytics to continuously strengthen your security posture and minimize the risks of cyber-attacks during the holidays.
- Maintain the highest standards of cyber-hygiene across the organization.
- Establish a robust contingency and incident response plan that factors into the staffing issues and other challenges that arise during the holiday season. Onboarding a managed security solution addresses the staffing issue as certified security experts become available to ensure that your organization’s systems and networks are always available, even during the holidays.
- Minimize the risk of human errors through continuous awareness and education of employees and other users.
The Way Forward
Cyber-attacks during holidays are preventable with an effective, intelligent and managed security solution like Indusface’s AppTrana.
