As witnessed by the violent criminal activity seen during the US 4th of July weekend; criminals appear to flourish on holiday weekends. No difference with criminal hacking. Cyber threat professionals and law enforcement officers are constantly reminding the public and private sector organizations to always remain vigilant and take appropriate precautions to reduce their risk of cyberattacks. Often, malicious threat actors take advantage of holidays and weekends to disrupt the critical networks and systems of organizations, businesses, and critical infrastructure. But in reality, attacks can happen any weekend. These hackers realize that everyone wants to take pleasure in their days off from work when staffs are low and the most senior staff members will be relaxing with family and friends.[1] There have been no reported hacks in the US during the holiday, yet many cyber attacks are not immediately reported, especially ransomware type attacks. But, there was a major data breach in China, to which the personal data of 1 billion residents in the country has been put up for sale online.[2]
Recommended best practices include:
- Identifying IT security employees who would be available during weekends and holidays in the event of a cyberattack
- Keeping all systems up-to-date
- Using anomaly detection tools
- Enforcing the principle of least privilege
- Implementing multi-factor authentication (MFA) for administrative and remote-access accounts
- Mandating strong passwords and making sure they're not reused across multiple accounts
- Ensuring that remote desktop protocol (RDP) or other potentially risky services used are secure and monitored
- Reminding employees not to click on suspicious links, and conducting exercises to raise awareness
- Reviewing and, if needed, updating incident response and communication plans that list actions an organization will take if impacted by a cyberattack
These are all everyday practices that should enacted and used. "Cyber risk is business risk, and cyber security is national security during holiday weekends, and all year round," said the current FBI Philadelphia Special Agent in Charge. "We all need to work together to strengthen our country's cyber defense, and we ask all network defenders to prepare and remain alert over the upcoming holiday weekend and, as always, we urge any cyber incidents to be reported to the FBI so we can use our unique mix of authorities and capabilities to investigate."
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.secureworld.io/industry-news/fbi-urges-cyber-vigilance-holiday
[2] https://www.zdnet.com/article/china-data-breach-likely-to-fuel-identity-fraud-smishing-attacks/
Comments