With the Fourth of July holiday weekend approaching, it's a
great time to remind public and private sector organizations to stay vigilant
and take appropriate precautions to reduce their risk of cyberattacks.
According to the Check Point Research (CPR) Threat Intelligence
Report, the global average number of weekly attacks on organizations in travel
and leisure has gone up by 60% in June 2022 compared with the first half of
June 2021. In the period May to August 2021, attacks in these sectors saw a 73%
rise and this year is likely to see a similar spike with one of the key trends
being hackers impersonating established brands with phishing attacks, as
holidaymakers look for last-minute breaks and late availability travel, hotel
and attraction deals.
Here's what a few industry experts had to say on the topic
of cybersecurity threats over the holiday weekend:
++
Jonathan Knudsen, Head of
Global Research at the Mountain View-based Synopsys Cybersecurity Research Center
"Historically, holidays are a good time to launch an attack.
George Washington famously led his troops in an attack on Christmas day in
1776.
The holidays are typically a time when staffing is lower and
fewer eyes are watching for intruders. Today's ransomware attacks attempt to
take advantage, using weekend or holiday time for network infiltration and
encrypting or exfiltrating a victim's files.
Organizations in the US should make sure that monitoring is
full strength and staff are available for incident response as we head
into the Fourth of July weekend."
++
Aaron Turner, CTO, SaaS
Protect at Vectra
"A significant majority of cyber attacks now are executed by
people with profit motivations. The longer that victims take to respond, the
greater likelihood that that the attackers can succeed to maximize their
opportunities. While ransomware attacks are the focus today, the trend of
attackers exploiting vulnerabilities during holidays is one that has been in
place for decades. With IT workers wanting to enjoy a holiday with friends and
family, security teams may not be fully staffed, administrators with privileges
to stop attackers in their paths may not answer calls or emails as quickly, and
those reduced resources and delayed responses result in an advantage for
attackers.
In years past, enemies of the United States have attempted
to embarrass US government and military cyber security teams around July 4th.
At this time of elevated risk due to the Russia/Ukraine conflict, Russia
definitely has motivation to exploit the holiday in some way.
Whether it is a nation/state attack attempting to score a
virtual victory against the US or a lowly ransomware operating looking to
extract some cryptocurrency from an understaffed company whose IT team is
taking some time off for the national holiday, there is surely going to be some
cyber attack action this coming holiday weekend."
++
Matthew Warner, CTO and
Co-Founder at Blumira
"Threat actors are opportunistic, and they know that IT and
security teams will be limited over holiday weekends. Last year, attackers took
advantage of the July 4th holiday by launching a ransomware attack on MSPs and
their SMB customers through the Kaseya VSA.
Before the weekend, organizations should ensure that their
systems are fully patched to prevent an attacker from exploiting potential
vulnerabilities.
It is always
extremely important that organizations focus on detecting the first three steps
of a ransomware attack: discovery, gaining a foothold, and escalating
privileges. Detection, in addition to being aware as to what data you hold,
will allow you to quickly respond to attacks and worst case be sure of
post-exploitation handling of a ransomware event."
++
Phil Neray, Vice President
of Cyber Defense Strategy at CardinalOps
"Apart from the usual sage advice on ransomware - make sure
you're up-to-date on patching and backups, and have already implemented MFA - I
recommend making sure you have 24x7 SOC personnel monitoring your networks for
any unauthorized or suspicious activity, so they can quickly shut down an
attack before it reaches your crown jewels. Even the most rigorous patching
regime can't protect against one of your trusted suppliers being compromised in
a supply chain attack or one of your users having their
credentials stolen, so rapid detection and response is essential."
++
John Bambenek, Principal
Threat Hunter at Netenrich
"Any time there is an extended holiday, ransomware operators
use it as an opportunity to be spiteful and to take advantage of lower staffing
levels. Any ransomware group planning to use the Fourth of July is already in
the network with the access they need and waiting to strike. Here, automated
protection is key, for instance, to prevent PowerShell from being used to
deploy malware across an environment when no one is around to raise alarm
bells."
++
Brian
Spanswick, CISO, Cohesity
"The FBI and
cybersecurity officials have previously issued warnings emphasizing that bad actors often deploy ransomware strikes on holidays and weekends,
when offices are normally closed. I wouldn't be surprised if cyber criminals
have July 4th circled on their calendars. As we approach this holiday weekend,
it's a great reminder that IT and security leaders must work together to
safeguard customer and employee data, and have a data security strategy in
place that's not only focused on prevention, but also on protection, detection,
and recovery.
Our
recent research
shows that collaboration between IT and security teams is often sub par. More than 80 percent of IT and SecOps decision-makers agree their
organizations would be better prepared to recover from cyber threats, including
ransomware attacks, if these groups collaborated more closely. So, to keep bad
actors at bay and help ensure business continuity, including during and after
the Independence Day holiday, now is the time to optimize collaboration and
prioritize next-gen data management that's inline with the NIST Cyber Security
Framework."
++
George Axberg,
VP of Data Protection, VAST Data
"The 4th of
July, and other long holiday weekends, are historically some of the biggest
windows for ransomware attacks. The onslaught of ransomware has spawned a ‘digital pandemic' in which
any organization can suffer crippling attacks and disastrous outcomes. For many
organizations, it's not an ‘if' scenario, but rather a ‘when' or a ‘how often'
they will be targeted.
Taking
proactive measures to protect and harden backup data, while providing optimized
restore speeds, should be among organizations' top priorities in the ransomware
era. Tools like VAST's Universal Storage architecture enable fast backup and
even faster restores of all data, allowing customers to recover quickly in the
event of an attack."
##