Cybersecurity experts and officials warn that cyberattacks historically increase during holidays and weekends, when offices are normally closed and people are focused on their lives outside of work, emphasizing the importance of banks and credit unions preparing for the time off to come this year.
Although there are no specific reports that a cyberattack will occur during the upcoming holiday season, warnings from authorities and data from cybersecurity firms indicate that the period may present heightened risk.
On Friday, cybersecurity firm Semperis
The report from Semperis also found that organizations in the survey tended to face ransomware attacks following a material corporate event, such as a merger, acquisition, initial public offering or a reduction in workforce. The report stated the financial sector was the most likely to be targeted after such events.
From 2018 to 2020, Darktrace, a cybersecurity firm based in the United Kingdom,
Threat actors can be calculating and persistent in their attacks, according to Chris Inglis, a strategic advisor to Semperis and former national cyber director in the White House, meaning institutions ought to remain vigilant at all times.
“If anything, organizations should increase their security persistence on holidays and weekends, knowing that threat actors aren’t taking time off,” Inglis said.
The FBI and the Cybersecurity and Infrastructure Security Agency warned in 2022 that the two agencies “have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends.” The agencies in a joint statement pointed to attacks the previous year that were launched during long weekends, particularly Mother’s Day, Memorial Day and the Fourth of July.
Cybercriminals, the agencies said, “may view holidays and weekends — especially holiday weekends — as attractive time frames in which to target potential victims, including small and large businesses,” according to the joint advisory.
In some cases, targeting victims during a holiday or weekend can provide a head start for malicious actors because network defenders and IT support for victim organizations are at limited capacity for an extended time, according to the joint advisory.
Besides the standard best practices FBI and CISA suggested in the advisory — using strong passwords and multifactor authentication, keeping software up to date, avoiding suspicious links, securing and monitoring — the agencies also recommended a variety of threat-hunting strategies.
Threat hunting is a proactive strategy to search for signs of threat actor activity. Examples can include reviewing data logs to try to find suspicious or anomalous activity such as increased CPU and disk activity, numerous failed file modifications or unusual network communications. Another strategy is deploying honeytokens — fake API keys, credentials, files or user accounts — to trap anybody who attempts to gain unauthorized access to the fake IT resource.
Beyond protecting themselves, many banks also provide tips to customers — individuals and businesses — to help them reduce their own cybersecurity risk during the holidays, including Enterprise Bancorp, based in Lowell, Massachusetts.
“The holiday season is often a prime season for cyber threats, as many people shop online, travel, and give to charities,” said Brett Buckus, an information security analyst for the bank, in a December blog post. “As always, awareness and education are amongst the best ways to protect against these threats.”