History Shows Threats Ramp Up When Businesses Shut Down

Labor Day weekend is upon us. Unfortunately, history has shown that, rather than resting, hackers and other threat actors take advantage of holidays to attack closed or understaffed businesses when they least expect it.

To remind businesses not to let their guard down over the holiday weekend, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a Joint Cybersecurity Advisory, “Ransomware Awareness for Holidays and Weekends.” The advisory urges businesses “to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.” The FBI and CISA have no specific intelligence indicating a particular attack will occur, but these agencies have taken the opportunity, as is Fox Rothschild through this client alert, to remind businesses to stay vigilant over the holiday weekend and take proactive steps to prevent future cyberattacks.

CISA and the FBI note that in 2021 ransomware attacks on or before Mother’s Day weekend, Memorial Day weekend and the Fourth of July weekend had a significant impact on a number of critical industries. In order to mitigate the risk of these ransomware attacks, CISA and the FBI urge businesses to conduct proactive “threat hunting,” a proactive strategy that involves searching out intrusions or malware on systems or the network before a full-scale attack is launched. CISA and the FBI describe threat hunting to include “understanding the IT environment by developing a baseline through a behavior-based analytics approach, evaluating data logs, and installing automated alerting systems.”

These attacks are a serious threat to businesses of all sizes and industries. Based on statistics from the FBI’s Internet Crime Complaint Center (IC3), there has been a 20% increase in the number of ransomware incidents since 2020, and a 225% increase in the amount of the ransom demand since 2020. Furthermore, although many sophisticated ransomware groups conduct “big game” attacks on large businesses, small and medium size businesses with fewer resources to dedicate to cybersecurity also face significant risks. Adding to the danger, cyber threat actors are increasingly utilizing a “lock and leak” approach, in which not only is a business’ data encrypted, the data is also exfiltrated from the business to use as leverage. Cyber threat actors threaten to publish the business’ sensitive information if the ransom is not paid.

The Joint Cybersecurity Advisory provides best practices and recommended mitigations to assist businesses in taking appropriate next steps to protect their IT environments. The FBI and CISA recommend setting up an “on call” system for IT security employees over weekends and holidays so a business can quickly react to a ransomware attack. Furthermore, the FBI and CISA recommend implementing the following network security best practices:

1. Make offline backups of your data, and implement a regular backup schedule.
2. Implement a user training program and conduct phishing awareness exercises to help employees recognize the various threats the organization can face and how to respond and thwart them.
3. If your business uses Remote Desktop Protocol (RDP), or other risky services, secure and monitor it.
4. Update your operating systems and software, and scan for vulnerabilities.
5. Ensure strong passwords by having a strict password policy.
6. Use multifactor authentication.
7. Secure the network(s); implement segmentation, filter traffic and scan ports.

[View source.]