In the US, the last several holiday weekends have been characterized by massive cyber attacks. In July, the Independence Day holiday saw an attack on the IT firm Kaseya. Over Memorial Day weekend, major meat processor JBS Foods experienced a severe cyber incident. On Mother’s Day weekend, the Colonial Pipeline attack occurred. What does this suggest regarding the upcoming Labor Day weekend?

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have just released a joint advisory concerning potential cyber attacks during the upcoming long weekend. The advisory pertains to both public and private sector groups. Agency experts advocate for organizations to proactively secure and monitor systems. 

How can organizations avoid a Labor Day weekend attack?

Organizations can work to reduce threat exposure. Agencies recommend preemptive threat hunting across networks. This will enable IT administrators to spot intruders ahead of harm. 

Further recommendations include updating software, segmenting networks, maintaining offline data backups and scanning for vulnerabilities. Identity and access management and multi-factor authentication may also prove beneficial. Organizations should also take care to create or update incident response plans.

Words from the FBI and CISA

“The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware,” stated the advisory.

Administrators are advised to “continuously and actively monitor for ransomware threats” during this upcoming holiday weekend and future holidays. Organizations should exercise caution and employees should be “especially diligent” in cyber security duties. 

Hackers have realized that fewer IT teams monitor networks during holidays. Since then, they have targeted high-profile organizations and infiltrated networks while security staff were on vacation. On occasions when automated security systems have recognized signs of a cyber threat, alerts may not have been read until the following Tuesday, when businesses reopened.

In direct response to this outcome, the agencies recommend that organizations pinpoint a handful of IT security experts who can remain on call during vulnerable time periods such as holiday weekends.

Lastly, investing in technical capabilities to detect the latest email threats and other ransomware ruses can help. In the past month, US organizations have seen ransomware attacks enacted by the following groups:

  • Conti
  • Pysa
  • LockBit
  • RansomEXX/Defray777
  • Zeppelin
  • Crysis/Dharma/Phobos

Organizations may wish to specifically upgrade security mechanisms in order to contend with these gangs’ ransomware playbooks. In the event of a ransomware incident, organizations are largely advised to avoid paying the ransom.

In conclusion

The FBI and CISA both note that they do not have intelligence surrounding a potential, imminent threat. However, very recent past experiences and other attacks across the past three years suggest that hackers might see this upcoming holiday weekend as an opportunity. 

Experts believe that organizations can overcome the challenges ahead. Federal agencies will continue to issue advisories as needed in order to assist organizations in strengthening their cyber security postures. Every organization can “raise the bar” and become more vigilant regarding cyber threats. 
