The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned organizations in the United States about the increased risk of cyberattacks over Thanksgiving weekend.
Cyber threat actors are often at their most active during holidays and weekends, as there are likely to be fewer IT and security employees available to detect attempts to breach networks. Recent attacks have demonstrated holiday weekends are prime time for cyber threat actors, with Las Vegas Cancer Center one of the most recent victims of such an attack on the Labor Day weekend.
The warning applies to all organizations and businesses, but especially critical infrastructure firms. Cyber actors around the world may choose Thanksgiving weekend to conduct attacks to disrupt critical infrastructure and conduct ransomware attacks.
CISA and the FBI are urging all entities to take steps to ensure risk is effectively mitigated ahead of the holiday weekend to help prevent them from becoming the next victim of a costly cyberattack.
Steps that should be taken immediately include reviewing current cybersecurity measures and ensuring cybersecurity best practices are being followed. Multi-factor authentication should be activated on all remote and administrative accounts, default passwords should be changed, and strong passwords set on all accounts, with steps taken to ensure passwords are not reused elsewhere.
Remote Desktop Protocol (RDP) is commonly targeted by threat actors, as are other remote access services. It is important to ensure that RDP and remote access services are secured, and connections are monitored. If remote access is not required, these services should be disabled.
Phishing is commonly used to gain access to networks. It is important to remind employees to exercise caution with email and never to click on suspicious links in messages or open attachments in unsolicited emails. Phishing scams often spoof trusted entities such as charities, well-known brands, vendors, and work colleagues, and phishing campaigns are conducted in large numbers at this time of year targeting holiday season shoppers, especially in the run-up to Black Friday and Cyber Monday. Over the next couple of days, it is wise to conduct exercises to raise awareness of security risks.
All staff members will likely want to have time off over Thanksgiving weekend, but it is important to identify IT security employees who can be available to surge into action should a security incident or ransomware attack occur. Prompt action can greatly reduce the severity and cost of a cyberattack.
It is also recommended to review and update incident response and communication plans to ensure they will be effective in the event of a cyberattack. This month, CISA issued new cybersecurity incident and vulnerability response playbooks to help federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities; however, they can be used by all businesses for developing cybersecurity incident and vulnerability response plans.
Mitigations and cybersecurity best practices that can be adopted to reduce risk are detailed in the previously released CISA alert – Ransomware Awareness for Holidays and Weekends.
The post Increased Risk of Cyber and Ransomware Attacks Over Thanksgiving Weekend appeared first on HIPAA Journal.