FBI and CISA warn that hackers don't rest on holidays

With more celebrations approaching, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) jointly issued a warning that the number of ransomware attacks tends to increase on weekends and holidays.

Although the joint statement notes there's no information of an impending attack, past examples show hackers do strike on weekends and holidays when fewer IT system guardians are present.

"Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months," reads the joint statement.

The agencies remind businesses to be especially vigilant over the coming days of the long weekend and advise them to engage in preemptive threat hunting on company networks.

Threat actors tend to strike on weekends and holidays since the majority of the IT employees are either on leave or at home, hindering a fast response to an attack. Even if some personnel are on-premise, there are likely fewer people working during the off days.

"Cybercriminals, however, may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses," the agencies claim.

According to the statement, attacking on weekends provides a head start for threat actors that conduct network exploitation and follow-on propagation of ransomware.

Alarming tendencies

Many recent major attacks were carried out similarly: Kaseya was recently hit just before July 4 celebration, and in 2013, hackers breached Target data centers just before Thanksgiving.

FBI and CISA reminded that in May 2021, leading into Mother's Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT networks of U.S. energy companies.

Even though the statement does not indicate the name of the hacked organization, the event's timing describes the infamous Colonial Pipeline attack that resulted in gas and fuel shortages in the American Southeast.

Another major attack against a meat supplier JBS happened over the Memorial Day weekend in May 2021. Sodinokibi/REvil ransomware attack affected the U.S. and Australian meat production facilities, causing production to halt in some areas.

On the lookout

FBI and CISA urge businesses to review data logs, deploy honey tokens, employ intrusion prevention systems and establish a baseline to understand the IT environment's routine activity.

"Threat actors can be present on a victim network long before they lock down a system, alerting the victim to the ransomware attack. Threat actors often search through a network to find and compromise the most critical or lucrative targets", reads the statement.

Recent research show that businesses should be aware of a looming threat of ransomware as the number of extortion attacks surged 93% in the last six months. Data shows that U.S. organizations reported 442 weekly cyber-attacks in the first half of 2021.

The agencies actively advise monitoring ransomware attacks over holidays and weekends and designating IT employees to stay 'on call' during off-days. Quick reaction is critical to damage control in the case of many recent attacks.

The statement offers a wide variety of tools to minimize the risks, including making an offline backup of data, updating OS and software, scanning for vulnerabilities, and employing multi-factor authentication.

More from CyberNews:

‘Amazon’s Choice’ best-selling TP-Link router ships with vulnerable firmware

In most cases, paying the ransom is the obvious way out - experts

Why does the U.S. want 'white hats' hacking satellites

The rise of digital currency and a world of e-money

Hybrid work is here to stay, but security concerns are high

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked