The holidays are a time of goodwill and cheer that offer an opportunity to gather with family, friends, and colleagues. Unfortunately, along with seasonal cheer and a surge in online ordering, the holidays bring an increased risk of cyber security events, most commonly in the form of phishing and malware attacks.
Threat actors take advantage of the business and the flurry of additional online commerce to craft phishing scams that trick users into clicking malicious links or opening malware-laden attachments. Whether your organization has a surge in orders to fulfill this holiday season, or you need to shop for the right gift for employee appreciation, remain mindful of the tricks threat actors use to gain access to your organization’s network.
Holiday commerce includes an influx in emails which attackers often spoof to trick people. While it may be tempting to immediately click to resolve an issue with an order or locate a package you’ve been searching for, remember to pause and review the email carefully. Be especially cautious regarding certain types of emails:
Does the email contain any obvious misspelled words or variations in the domain name in the email header? Attackers will often spoof legitimate domains and utilize subtle misspellings. The goal of any good phishing campaign is to trick you into acting before you think. Threat actors are also clever and opportunistic; they may comb through your organization’s social media posts to learn precisely where your holiday party was held or what key accounts you may have to launch highly targeted attacks.
Email phishing was the initial vector of attack for 48% of reported claims where this data was available. — Coalition Claims Report
Thankfully, we have some resources to help your organization learn the basics of phishing and what to avoid:
If you believe you have been the victim of a phishing scam, follow these steps:
Everyone loves an early Friday or a long weekend during the holidays — including ransomware gangs. Previously, the FBI warned businesses to remain vigilant over long weekends as ransomware attacks occurred over Mother’s Day, Memorial Day, and Fourth of July weekends. A similar warning was released ahead of the coming Thanksgiving holiday.
Ransomware attacks take time to deploy, and during holidays many organizations will often operate with a reduced staff, giving attackers a chance to slowly encrypt entire networks. While many small and midsize businesses may not view themselves as potential ransomware targets, they are impacted more often than larger organizations. They are also the least able to defend themselves and recover quickly. Our H1 Claims Report found that smaller companies experienced a 57% increase in ransomware attacks.
In 2020 CIR saw 109 active cases, 17 of which took place during the Thanksgiving and Christmas holiday season — that's 15% of the active investigations for the year. Additionally, CIR saw nine pre-claim issues the week of Christmas; these were later determined to be malware meant to propagate throughout the victim's networks during the reduced staffing over Christmas week.
Every year since I have been working in the DFIR space, the weeks between Thanksgiving and New Years are consistently our busiest time. We know these various threat groups are crafting the perfect compromise and what better time to deploy while everyone is off on vacation and spending time with their family. — Leeann Nicolo, Coalition Incident Response Lead
The holidays should bring good tidings and merriment — but ideally not cyber incidents. So keep your organization safe this holiday season by remaining cyber smart online.
If you believe you have been infected by malware, contact Coalition immediately for breach assistance.
Download the 2021 Coalition Cybersecurity Guide for more cybersecurity best practices and tips to begin mitigating your organization’s risk.