In a joint press release with the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) is warning about holiday cyberattacks, especially ransomware. It is not uncommon to see a spike in cybercriminal activity during the holiday season, most notably since purchases go into overdrive, as many individuals are buying gifts for loved ones. Because purchases, both due to convenience and the pandemic, have moved more into the cyber-realm, cybercrime is an all-too-real threat.
CISA and the FBI are particularly concerned about the presence of ransomware attacks taking over consumers’ devices during the holidays. While they do not name specific ransomware variants or cybercrime groups, CISA bases its warning on the following information:
Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends. CISA and the FBI strongly urge all entities — especially critical infrastructure partners — to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats.
Furthermore, CISA gives the following advice to business leaders to help mitigate ransomware threats during the holiday season:
- Ensure there are IT security teams available for times during the holiday season when the biggest risk of ransomware attack exists, especially Black Friday, Cyber Monday, and Christmas Eve.
- Enforce multifactor authentication for all accounts, especially those belonging to administrative positions and those that allow remote access.
- Make certain that strong alphanumeric passwords are used on all logins in the company and no password reuse is taking place.
- Secure remote desktop protocol (RDP) if your business utilizes it.
- Send out reminders to employees about not engaging with suspicious links, have frequent updates to inform them of potential threats.
In all, some of this may seem basic to the security-minded. Unfortunately, with ransomware attacks still wreaking havoc globally, these reminders from CISA obviously are necessary.
Featured image: Shutterstock