US government warns of increased ransomware threats during Thanksgiving

Though the feds haven't identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.

The Thanksgiving holiday is an occasion for most people in the United States to enjoy time at home with family and friends. But it's also a prime opportunity for cybercriminals to attack, knowing that offices are closed and that security professionals are away from work. An alert issued Monday by the Cybersecurity and Infrastructure Security Agency and the FBI urged organizations to be on guard for ransomware attacks that take advantage of worker downtime during Thanksgiving.

Launching cyberattacks during a holiday or even a weekend is hardly a new strategy for criminals. For example, ransomware attacks have occurred in the past on Independence Day and Mother's Day weekends. But the surge in high-profile ransomware incidents raises more of a red flag than ever.

Citing recent history, CISA and the FBI caution that cybercriminals around the world are eager to disrupt the vital networks and systems of businesses and critical infrastructure. And what better time to strike than Thanksgiving, which is not just a day off for a lot of people but a symbolic event for many Americans?

In the alert, CISA stressed that neither it nor the FBI has identified any specific threats that might occur on or around Thanksgiving. But with or without advance warning, organizations need to be prepared for attacks designed to take advantage of the holiday.

"The one thing cybercriminals love more than money is attacking during holiday weekends specific to American culture," said James McQuiggan, security awareness advocate for KnowBe4. "Whether it is the July 4th holiday, near Labor Day or especially Thanksgiving, they release their ransomware attacks or other data breach efforts on the few days leading into holiday weekends."

To help your security staff protect your organization from holiday-based ransomware attacks, CISA and the FBI advise you to analyze your existing cybersecurity processes and follow best practices to reduce the risks.

More specifically, the agencies offer the following tips:

  1. Identify IT and security employees who are available weekends and holidays and can act quickly in the event of a ransomware attack or other incident.
  2. Review your incident response and communication plans so you're aware of the actions to take and the people to contact if an attack occurs.
  3. Set up multi-factor authentication for remote access and administrative accounts.
  4. Enforce strong passwords throughout your organization and make sure they're not reused across different accounts and services.
  5. Ensure that any remote desktop protocol service is secure and monitored.
  6. Instruct employees to not click on suspicious links in emails and messages.
  7. Conduct training exercises to raise awareness among your employees.

Further, ransomware attacks are often preceded by some type of scam or ploy designed to gain access to account credentials, vulnerable systems and critical networks. With the holidays in mind, CISA and the FBI advise you to watch out for the following threats:

  1. Phishing scams, including unsolicited emails that impersonate charitable organizations.
  2. Phony websites that masquerade as reputable businesses, especially shopping sites that people typically visit during the holidays.
  3. Unencrypted financial transactions, which are aimed at stealing funds or sensitive financial data.

"Cybercriminals are acutely aware that their targets are much slower to respond to alerts that would otherwise give them away during holidays," said Chris Clements, VP of solutions architecture for Cerberus Sentinel. "Many organizations move to skeleton crews staffed by mostly junior personnel or even completely on-call duties that significantly impact the speed and effectiveness of responding to indicators of compromise. It's no fun, but organizations must make this truth a part of their overall security strategy to ensure that they have adequate capabilities to detect and respond to a cyberattack even during the holidays."