With the holidays drawing near, many organizations are gearing up for their busy season.
Unfortunately, cybercriminals are, too.
According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), the US has recently experienced a surge in “highly impactful” cyberattacks on and around major holidays. Cybercriminals know that during these times, IT teams are short-staffed, response times are slow, and employees are distracted, all of which set the perfect stage for a successful attack.
In this article, we’ll break down five of the most pressing holiday threats and six timely, cost-efficient ways to protect against them.
The Threats
1. Ransomware attacks
Ransomware attacks are one of the largest holiday threats, with the notable attacks on 23andMe, Staples, Kaseya, and Ferrara Candy Company all occurring on or near a holiday.
In these attacks, hackers download malicious software onto victims’ machines after victims unknowingly click a malicious link, attachment, or ad. Once downloaded, the software locks organizations out of their files — and in some cases, steals the files — and demands a ransom payment to regain access.
Threat actors know that during the holidays, employees are more likely to confuse a phishing email for a legitimate email because of how many other promotional emails, order confirmations, and tracking messages they’re receiving.
Remember — all it takes is one employee falling for a ransomware attack for your entire organization to lose access to company files.
2. Phishing attacks
Spear phishing attacks are another holiday favorite for threat actors.
Consider an HR employee receiving an email from the “CEO” requesting a list of everyone’s full names and addresses so that Christmas goodie bags can be mailed out, or an email requesting the purchase of gift cards for bonuses. Both of these requests are reasonable for this time of year, so unless employees are well-trained in spotting phishing emails, they’re likely to fall victim.
3. Attacks via unsecured networks
During the holidays, employees often use public Wi-Fi while traveling or working remotely. This poses several threats, such as:
- Man-in-the-Middle Attacks: Cybercriminals intercept the connection between an employee’s device and the internet in order to obtain access to all the data the device is sending out and/or intercept conversations.
- Malicious Hotspots: These fake Wi-Fi networks mimic legitimate ones, allowing threat actors to access the data of all connected devices.
- Unencrypted Networks: These prevalent networks allow anyone nearby to view a large portion of an employee’s network traffic, putting private documents, login credentials, and more up for grabs.
Many employees also plug their work devices into USB charging points at airports and stations, enabling threat actors to easily deploy malware.
4. Web skimming attacks
Web skimming attacks occur when hackers break into the backend of what’s typically a retail website to steal payment information from customers. They do this by injecting custom code into the site that directs any information users enter back to their own systems.
These attacks can take place at any time of year, but research shows they’re more likely to occur during heavy-traffic periods like the holidays when attackers can steal more data in less time (Akamai, 2022).
5. Bot attacks
Bot attacks — particularly credential stuffing attacks and distributed denial of service (DDoS) attacks — are other common holiday cyberattacks that can seriously impact retail businesses.
In credential stuffing attacks, attackers deploy bots that repeatedly “stuff” stolen usernames and passwords into websites with the goal of eventually gaining access. These attacks are growing, with a 2023 report finding that over 49% of data breaches were caused by stolen credentials (Verizon, 2023).
In DDoS attacks, hackers use thousands of bots to overload a website or network to the point of being unusable. These attacks are available for hire, and many companies report being attacked by competitors.
The Solutions
1. Validate your protection with Ransomware Assessments
Ransomware Assessments by SP6 are an automatic, continuous way to simulate known ransomware attacks across your entire security ecosystem. By mimicking attacks from 307 ransomware families, ransomware assessments empower you to find and fix security gaps before adversaries exploit them.
Ransomware assessments are inexpensive and can be set up in under a week, making them perfect for the quickly approaching holidays.
2. Invest in and optimize ransomware detection
Another top way to stay protected against holiday cyberattacks — especially ransomware attacks — is to have a robust detection system in place.
By continuously scanning your network for unusual activity and alerting your IT team whenever a threat is found, advanced detection tools allow you to detect and respond to malware before your files become encrypted.
Investing in a high-quality monitoring system is only half of the picture. It’s also crucial that you know which detection techniques to deploy and how to best deploy them. Our Security Use Case Workshops are great for organizations needing guidance on this.
3. Get more out of your security team
You may have a great detection system in place, but if you don’t have an equally great response system, your organization is still at risk.
The average security team receives more alerts each week than they can handle, which makes automated solutions with quick set-up times like Splunk Security Orchestration, Automation, and Response (SOAR) such game changers. By consolidating multi-step threat responses into singular automated actions, SOAR solutions allow you to:
- Respond to thousands of alerts in seconds
- Save up to 35 hours a week
- Reduce the need for human involvement
- Stop letting critical threats go unaddressed
4. Employ threat hunting
Although automated monitoring tools detect the majority of threats, sophisticated threats that mimic human behavior sometimes slip through unnoticed.
Threat hunting is a proactive approach to security that involves actively investigating systems for any threats that may have gone undetected. Having skilled IT professionals hunt for threats themselves, especially during the holidays, is a great way to make sure your monitoring system is catching everything.
5. Keep your software up to date and patch any known vulnerabilities
Once a vulnerability is known, it’s only a matter of time before hackers start taking advantage. That’s why establishing a regular patching schedule and removing applications that are not in use and/or end-of-life is so important.
6. Ramp up cybersecurity training for employees
With most breaches stemming from human error, educating your employees on staying safe online is key. Consider ramping up security training prior to the holidays to make sure things like phishing detection, password safety, device safety, and Wi-Fi safety are at the top of your employees’ minds.
Bottom Line
The holiday season can be dangerous, but by implementing these six best practices, your organization can be in a much better position to fight cyberattacks.
At SP6, our cybersecurity experts are highly experienced in helping organizations leverage their data to fortify their security. Start a conversation with us today to learn how we can get you started with any of the above solutions.