Cybercriminals are savvy, calculating, and methodical. Like any good thief, they do their homework, investigating potential targets, stalking them to track habits, and identifying weak entry points. They are also patient, waiting for the perfect time to launch an attack. Attackers hit the hardest when defenses are at their lowest. More often than not, that moment is when offices are closed – holidays and weekends.
The COVID pandemic has further exacerbated the empty office situation creating an all-around general rise in cyber-related crime due to the mass “work from home” migrations. Once the opportunity of a significant work environment shift was obvious, cybercriminals shifted their focus to even more developed timed and strategic attacks begin. According to the FBI, cybercrime has skyrocketed 300% since the pandemic started. Small businesses are overwhelmingly targeted, accounting for 43% of all attacks. While companies in the finance and insurance sectors have experienced the most attacks out of all industries over the last five years, attacks against the manufacturing and energy sectors have increased significantly in the last two.
Holidays Create Cyber Attack Opportunities
Holidays and weekends are synonymous with closed offices or, at best, skeleton crews. Executives, senior employees, and team leaders, those most likely to be able to jump into action should an attack be detected, are rarely at work during these times. Even when called to the office in the wake of an attack, they might not be effective. A Cybereason report found that 75% of those who headed in to help outside of working hours were intoxicated.
The fact that hackers repeatedly strike during these office downtimes isn’t news, yet security teams seem to have missed the memo. So, we are here to remind you that Christmas is a few days away, New Year’s is the following week, every month has a holiday, and weekends come like clockwork.
2021’s Biggest Holiday and Weekend Attacks
This year has seen some of the worst cyber attacks in history. What do they all have in common? You guessed it… they occurred during major holidays when staff took advantage of long weekends to travel or enjoy a family BBQ.
Kaseya: July 4th Weekend
With the US holiday falling on a Sunday, IT solutions developer Kaseya, like most other businesses, gave employees the preceding Friday off. Knowing this, an affiliate of the REvil cyber gang struck and struck hard, mounting the largest ransomware attack to date. The Russian-linked hackers demanded $70 million in cryptocurrency to access a universal decryption key that could unscramble affected machines. Since it was a supply chain attack, it was felt far beyond Kaseya, affecting 800-1500 SMBs. Fortunately, Kaseya obtained a decryption key from a third party without paying any of the ransom.
JBS USA: Memorial Day Weekend
In late May, the same hacking group REvil launched an attack against food industry giant JBS USA, rendering all of its US-based beef facilities inoperable and disrupting business at its Australian facilities. The CEO of JBS USA, Andre Nogueira, decided to pay the $11 million ransom in bitcoin stating, “We felt this decision had to be made to prevent any potential risk for our customers.”
Colonial Pipeline: Mother’s Day Weekend
On April 29th, the Russian-linked hacker group DarkSide, took down the US’s largest fuel pipeline owned by Colonial Pipeline, triggering shortages and panic across the East Coast. In this instance, the attackers gained access to Colonial Pipeline’s network through a VPN that was not in use. Since the VPN lacked multifactor authentication, the breach only required a username and password. Later, it was discovered that the single password the hackers used had been leaked on the dark web. Hackers demanded a $4.4 million ransom and threatened to release 100 gigabytes of data if the company didn’t pay (they did).
How to Protect Your Business from a Cyber Attack
You may be thinking: enterprises with huge security teams aren’t immune to cyber attacks, so how can I possibly protect my SMB? While there is no foolproof solution, the good news is that there are always steps a business can take to be better prepared and protected.
For SMBs, the vast majority of ransomware attacks start with some sort of social engineering, phishing, or web app attack. Training employees to identify potentially dangerous material, so they don’t click infected links is the first step and is generally the most effective company-wide approach.
It may seem like a no-brainer to security professionals but teaching employees how to create strong passwords is a must. Even in 2021, when everyone knows better, ‘12345,’ ‘qwerty,’ and ‘password’ remain the most commonly used passwords. To strengthen defenses further, create a security policy that requires multifactor authentication. Limit password reuse and give employees access to a password manager app so they can use strong passwords without having to remember them.
For the security teams, the steps are more demanding, but as they are experts, it should be an anticipated part of their job. Routinely back up data and store the backup in a different location. In the event of a breach, you’ll be able to restore your data quickly and avoid paying a ransom for it. Security leaders should develop a strong incident response plan and ensure that multiple team members can execute it to prevent a one-person-knows-all situation.
A final recommendation, particularly relevant for SMBs with limited security resources, is to partner with a cybersecurity firm that can provide 24/7 monitoring and response. These companies are well-versed in identifying potential threats, investigating them, and providing mitigation or remediation. Unless you are prepared to have a top-level employee constantly watching your environment, including during the holidays and weekends when hackers know companies are most vulnerable, a security partner offers the most proactive solution.
Don’t delay. Another holiday or weekend is always around the corner!