The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a joint Alert this week, entitled “Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends” outlining “actions that executives, leaders and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families.”
Sounds like a perfect time to launch an attack against unsuspecting victims. It is a perfect time for a cyberattack, and we know this because this is the season when cyber criminals know people are most distracted.
The same is true for critical infrastructure operators. According to CISA, “As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you.” Cyber criminals don’t take the holidays off. This is their busy season. The Alert notes that there also was an up-tick in ransomware attacks during the Mother’s Day and Independence Day weekends.
CISA and FBI are urging organizations to:
- “Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness.”
CISA and the FBI have issued a comprehensive overview of steps organizations can pro-actively take to protect themselves from ransomware attacks in the resource “Ransomware Awareness for Holidays and Weekends.”
This holiday weekend, and throughout the holiday season, remind users of the increased threat and to stay vigilant.