The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) this week reminded organizations of all types – with a focus on critical infrastructure – that cybercriminals tend to launch impactful cyberattacks during holidays and weekends.
Over the past years, it has become clear that cybercriminals often plan major cyber-assaults for the time when employees are out of office, namely weekends or holidays such as Independence Day, Mother’s Day, Thanksgiving and Christmas.
“Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” the two agencies note in a joint alert.
Organizations, CISA and the FBI say, can take proactive measures to improve their security posture and make sure they can prevent cyberattacks, including possible ransomware assaults, during the holiday season.
The two agencies note they haven’t identified specific threats for this holiday season, but decided to raise awareness on the recent 2021 trends, to make sure organizations have time to prepare for potential attacks.
Thus, CISA and the FBI “strongly urge” organizations – particularly critical infrastructure – to assess their cybersecurity posture and implement mitigations and best practices, such as ensuring that there are employees available to surge in the event of a cyberattack, that multi-factor authentication is in place for remote access and passwords are used, that the remote desktop protocol (RDP) is strongly secured if in use, and that employees are trained to identify phishing attempts.
Organizations should also remain vigilant of unsolicited emails, fraudulent websites that spoof legitimate domains, and unencrypted financial transactions.
“Finally—to reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident,” the joint alert reads.