The Christmas and end of year holidays are swiftly approaching. It’s a time of year in which people go about spending more time with family and loved ones instead of working so hard at the office. It’s a unique window of time when people enjoy holiday festivities and absorb themselves in finding that perfect gift for that special someone. Sounds like it’s the perfect time to launch a ransomware attack.
Warnings and Historical Trends
We don’t want to sound like the grinch and put a damper on the Christmas holidays, but the German cybersecurity authority, BSI along with the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have all issued warnings to companies to be extra alert over the approaching holiday season for ransomware and other types of cybersecurity attacks. There cautionary warnings are well founded and supported by historical data.
According to the reports, there was a 30% increase in the average number of attempted ransomware attacks during the holiday season in each consecutive year between 2018 and 2020. Their research also points to a 70% average increase in attempted ransomware attacks in November and December compared to January and February.
Darktrace also released a report showing that ransomware attacks increase globally during the holiday season, with a 30% increase in the average number of ransomware attacks over the holiday period compared to the monthly average. The researchers also highlighted a 70% average increase in attempted ransomware attacks in the months of November and December, compared to January and February.
Like the German and US authorities, they too expect a surge in ransomware attacks this holiday season. All of this makes perfect sense as cyber-attacks are the most effective when users are distracted and less vigilant. Now compound that with enterprises having skeleton IT and cybersecurity staffs on site and you have the makings of a perfect storm. For ransomware gangs and malicious threat actors, it truly is the most wonderful time of the year.
Return of Emotet
The German cybersecurity authority’s recent warning involves concern over Emotet. In their publicized warning they state the following:
“Based on experiences prior to the Emotet takedown in early 2021, waves of attacks carried out by the Emotet botnet, and subsequent execution of ransomware will increasingly hit German organizations in the coming weeks (especially during the “Christmas holidays”).”
Emotet is a Trojan that spreads malware, including ransomware, to other computers much like a worm. Department of Homeland Security describes Emotet as one of the most costly and destructive malwares in existence. The Emotet botnet was responsible for a large wave of attacks on Microsoft Exchange servers earlier in 2021 that took full advantage of multiple discovered vulnerabilities in the email system that can be exploited. According to another cybersecurity firm, Rapid7, an October study showed that 72% of Exchange servers are still susceptible to at least one of those identified vulnerabilities. Therefore, Germany’s BSI is urging companies to install all applicable Exchange patches before their staffs begin taking off for the holidays. There is evidence that the Emotet gang has recently rebuilt its botnet that they then distribute as a ‘Ransomware-as-a-Service’ to malicious actors. The German authorities report that the new botnet is already infecting systems that they can then use as springboards for attacks.
Dire Warnings by CISA and FBI
While U.S. authorities have issued holiday warnings about multiple threat types including phishing scams, spoofed websites, typosquatting and unencrypted financial transactions, they are primarily concerned about ransomware. Both agencies are urging organizations to remain vigilant over the coming holidays. This includes examining their current cybersecurity postures, implementing best practices, including ensuring that all systems and applications are fully patched. In addition, the agencies list the following actions that companies can take to protect themselves over the vulnerable holiday period.
- Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness.
Email and Internet Filtering over the Holidays
Nearly all cyber attacks originate from the Internet and email continues to be the primary delivery mechanism used by cybercriminals to deliver their malware creations that can quickly disrupt the holiday season and make it a blue, blue Christmas. That’s why it is imperative to have powerful email and internet filtering security systems in place to protect your data and employees. At TitanHQ, our filtering solutions such as SpamTitan and WebTitan work 24/7 to protect your users whether they are at work or at home with their families celebrating the holidays.
Learn more about TitanHQ’s new AI-driven anti-phishing solution, SpamTitan Plus.
Book Free Demo