It’s easy for organizations to ease up during the holiday season. Employees take time off, work tends to slow down, and there is the electricity of excitement, hope, and possibility that you can almost touch.
Hidden beneath the surface, however, are nation-state attackers and cyber criminals just waiting for an opportunity to exploit. Fewer eyeballs monitoring systems, looking for anomalies, and ensuring that the system is locked down means there is more opportunity for these threat actors.
Earlier this year, the FBI and Cybersecurity & Infrastructure Security Agency (CISA) issued an alert, noting that they had “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends.”
The Bangladesh Bank Heist in 2016, which is believed to have been carried out by North Korean hackers, took advantage of the holidays and a long weekend to steal US $101 million. The attack began on a Thursday night in Bangladesh, where banks are closed on Friday, and involved the Federal Reserve Bank in New York, which started to transfer funds as requested.
Bangladesh Bank noticed the robbery was in progress two days later, but the Fed was closed for another day. In the meantime, funds were transferred to the Rizal Commercial Banking Corporation (RCBC) in the Philippines, where Chinese New Year was being celebrated. Bangladesh Bank informed RCBC that stolen funds had landed in accounts at the bank and requested that the funds be frozen. However, Chinese New Year is a non-working holiday in the Philippines, and by the time employees saw the SWIFT message, over $58 million was already gone.
Holiday Season: A Prime Time for Attack
The list of holiday attacks is long. Colonial Pipeline paid $4.4 million in ransom to a Russia-based hacking group after a Mother’s Day attack in 2021. Russians also attacked JBS, a meat processing plant, over Memorial Day in 2021 and Kaseya, a software company, over the July 4 holiday weekend.
With many IT professionals out of the office for a holiday, it’s an ideal time for an attack. Even offices that keep security staff in place are often operating with a skeleton crew. With fewer people available to respond to threats, it’s far easier for criminals to break through security perimeters.
Even when IT teams are fully staffed, however, they are often distracted by the season’s excitement. Considering that 95% of data breaches are caused by human error, it’s easy to see how the number of breaches can increase during this time of the year. To make matters worse, phishing attempts generally increase over the holidays, and distracted employees are more likely to hand over their credentials.
This is also a time of year when retailers are incredibly vulnerable to ransomware and DDoS attacks. Threat actors recognize that this is the most important season for retailers, who are willing to pay high ransoms to stay online during the critical holiday sales season.
Maintain a Strong Defense
When organizations think about their cyber posture, they need to consider security during periods when they are most vulnerable. Their security tools and plans must keep them secure during those times.
An effective cybersecurity program begins with automated tools that can monitor systems and point out any vulnerabilities to your SOC team or CISO. It should be capable of detecting threats and contributing to the organization’s understanding of threat intelligence.
AI tools are particularly effective at reviewing patterns and identifying anomalies that indicate an impending attack and would otherwise go unnoticed. They save cyber teams time and help eliminate the false alarms that make security teams complacent and focus their attention in the wrong direction.
Introducing identity management capabilities as part of a holistic cybersecurity program is another way organizations can stay safe this time of year. Even when employees are tricked into handing over their security and login credentials, an identity management tool that uses multi-factor authentication can keep nation-state-grade threat actors at bay.
After the Holidays
Organizations that are genuinely concerned about maintaining the security of their network should conduct post-holiday threat-hunting exercises. The Bangladesh Bank Heist, which we mentioned earlier, began with an infiltration one year before the attack. A job seeker sent the bank a CV and cover letter in January 2015. Those files contained hidden malware, and when they were downloaded, the bank was exposed.
The malware sat within the network for over a year while the attackers planned their heist. A successful threat-hunting operation would have discovered the malware and saved the bank over $100 million.
It may be nearly impossible for organizations to prevent all malware from entering their system. However, when the holidays are over, it is in their best interests to run a threat-hunting operation and ensure the network is clean.