The Federal Bureau of Investigation (FBI) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) recently warned organizations to stay vigilant against cyberattacks on holidays.
The agencies stated that they have "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends — when offices are normally closed — in the United States, as recently as the Fourth of July holiday in 2021."
According to the head of Cybersecurity Strategy at VMware, cybercriminals are "well aware" that organizations task "skeleton crews" with protecting their networks during weekends, holidays, and major events like the Super Bowl.
An affiliate of the "REvil" cyber gang committed the largest ransomware attack in history against the software company Kaseya at the beginning of the Fourth of July holiday weekend.
Similarly, Russian-associated cybercriminals attacked the meat processor JBS with ransomware on Memorial Day weekend, which led the organization to pay an $11 million ransom.
Colonial Pipeline paid a $4.4 million ransom after DarkSide forced it to shut down operations in a ransomware attack preceding Mother's Day weekend. The FBI later recovered $2.3 million of the ransom from the Russia-based hacking group.
Following that incident, the Transportation Security Administration (TSA) began requiring pipeline owners and operators to designate "a 24/7, always available cybersecurity coordinator," such as a chief security officer, who can coordinate with the TSA and CISA if a cyberattack occurs on a weekend or holiday. However, many other critical infrastructure sectors do not have such a mandate.
The joint advisory also stated that the ransomware gangs most frequently reported to the FBI during Aug. 2021 were Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crysis/Dharma/Phobos.
The FBI and CISA recommend that organizations back up data offline, avoid clicking on suspicious links, update their software, and use strong passwords and multi-factor authentication to protect their networks.
Source: Nicole Sganga, "Feds warn organizations not to take a cyber vacation after high-profile hacking on holidays," cbsnews.com (Sep. 1, 2021).