The most vulnerable time of the year: Cyber Attacks
Organisations face an ongoing challenge with cyber scams throughout the year, but the festive period sees a significant surge as cybercriminals capitalise on the distractions of shoppers and busy staff to execute targeted attacks. Ransomware attacks increased by around 30% during the festive season compared to regular months.
Distractions often lead to lapses in attention and heightened vulnerability, and Christmas tends to be when employees are more prone to lower their guard. During this festive period, inboxes become inundated with many eCards, discounts, messages from friends and family, and delivery notifications from online shopping platforms. Exploiting this heightened activity, fraudsters launch large-scale phishing scams.
Organisations must ensure that their staff remains vigilant against phishing attacks. These attacks may originate from external sources and manifest through seemingly legitimate internal communications, such as emails from senior management or updates on office opening hours.
Read this article to see the top 5 scams to look out for this Christmas.
3 Reasons why cyberattacks increase during the festive period
- During holidays, IT professionals are away from the office, leading to a reduced presence of in-office staff. This situation brings drawbacks, including distracted employees, decreased personnel available to address threats, and extended response times. These factors collectively elevate the likelihood of success for cyberattacks.
- Phishing emails and deceptive websites exploit popular shopping events like “Black Friday”, Christmas sales and special deals. In these instances, threat actors employ tactics to entice consumers, allowing them to acquire sensitive information and introduce malware into systems.
- Elevated network traffic places strain on company networks, creating opportunities for threat actors to exploit vulnerabilities and initiate Distributed Denial of Service attacks (DDoS).
5 Common cyber attacks to look out for this festive season
Tis the season for
Ransomware
During the holiday season, ransomware emerges as a prevalent and impactful malware, posing a significant threat to numerous organisations by restricting access to data until a ransom is paid.
According to the NSC annual review, between September 2022 and August 2023, they received 297 reports of ransomware activity (‘tips’), triaged into 28 NCSC-managed incidents, 18 of which were categorised as C3 (significant incident) and above. The top five sectors reporting into the NCSC were academia (50), manufacturing (28), IT (22), finance (19) and engineering (18).
Threat actors can deploy ransomware via malicious links in phishing emails or through malicious code embedded in a compromised website. Employing defensive measures such as effective email filtering, robust password policies, and adopting the principle of least privileged access can significantly diminish the likelihood of falling prey to a ransomware attack.
Tis the season for
Phishing Emails
The predominant strategy employed in email fraud during the holiday season involves sending deceptive emails featuring incredible offers and deals, cleverly designed to appear as if they come from reputable companies. This approach also encompasses the dissemination of fabricated alerts regarding supposed subscriptions to services like banking, telecommunications or shopping sites—these false notifications prompt recipients to divulge personal information under the guise of resolving the purported issue. There were an estimated 255 million phishing attempts in 2022, a 61% jump over the prior year.
Implementing and consistently updating phishing email filters, restricting the downloading of attachments, and providing cybersecurity training are effective measures for minimising the likelihood of falling victim to phishing attacks.
Tis the season for
Data Breaches
Data breaches may occur through diverse cyber-attacks, including malware infections, phishing, ransomware, and password attacks. These incidents are often heightened during the festive season when employees may be more distracted and prone to negligence in adhering to security protocols.
The abundance of crucial data circulating online during the holidays provides motivation for threat actors to exploit vulnerabilities and capture valuable information. Establishing security awareness through training and fostering a strong security culture can serve as a proactive measure to prevent breaches in their early stages. Introducing holiday-themed security messages is one strategy to enhance awareness during this festive period.
Tis the season for
Distributed Denial of Service (DDoS) attacks
Experiencing a disruption in a business’s resources caused by a DDoS attack constitutes a significant loss that a company cannot afford. Such an incident can result in dissatisfied customers, revenue loss, and harm to brand reputation. While DDoS attacks may not be as prevalent as before, given the relatively simple execution of ransomware attacks, this attack method may no longer be a top priority on many risk registers.
Nevertheless, organisations must evaluate a DDoS event’s risk and potential impact. Proper preparation of assets and technologies is crucial to withstand potential DDoS attacks. Many internet service providers offer DDoS prevention services, and organisations should carefully consider these services about the associated risks.
Tis the season for
Breached Passwords
Threat actors typically attempt to compromise a system through the compromise of passwords, making compromised credentials the prevailing initial attack vector. Consequently, organisations should enforce robust password protection policies and protocols for their employees. Advanced password managers now provide corporate-class versions, effectively addressing issues linked to weak or reused passwords. Additionally, incorporating multi-factor authentication is essential to provide an extra layer of defence against brute-force password attacks.
