
Preparing Cyber Security Teams and Incident Responders for Memorial Day Weekend

Ransomware attacks surge over holiday weekends, when security teams scale back their operations for the summer.


In the digital age, cyber threats are a constant concern for organisations across various sectors. However, recent findings suggest that the risk of cyberattacks significantly increases during holidays, weekends, and off-hours periods. This is due to a combination of lower staffing, slower incident response, and relaxed oversight [1][2][3][4][5].

The surge in ransomware incidents during holidays and weekends is well-documented, with spikes around major U.S. holidays like Memorial Day, July 4th, and Labor Day. Attacks can rise up to 30% during these low-staff times [2]. Notable examples include the 2023 Kaseya ransomware attack during the July 4th weekend, which impacted multiple managed service providers (MSPs) and their customers [4].

Cybercriminals employ tactics such as compromised email access, exploiting password files, and creating hidden Command & Control (C2) connections to extend the impact over weekends before defenders return [1]. Other notable attacks timed for holiday weekends include the MOVEit breach and breaches targeting retail and financial organisations during major holidays [3][4].

Why These Periods Are Targeted

The reduced monitoring and slower response times that come with fewer, or less alert, security personnel make these periods attractive for cybercriminals [2]. Relaxed security hygiene such as temporary admin access, "out of office" (OOO) auto-replies, and multi-factor authentication fatigue can open exploitable windows [2]. Cybercriminals seek to increase the "dwell time" during which they maintain access undetected, leveraging low-staffing periods to remain concealed and escalate infections [1].

Preventive Measures

To address this increased cyber risk, a combination of technological, procedural, and staffing strategies is necessary. 24/7 autonomous AI-based threat detection is critical to maintain continuous vigilance and respond promptly even during off-hours [1].

Organisations should also plan and staff consciously for holidays and weekends, ensuring clear incident response paths, escalation procedures, and on-call coverage with appropriate backups [3]. Pre-holiday hardening of systems, including patching, vulnerability scans, privilege reviews, and temporarily disabling non-essential access and remote admin rights, reduces the attack surface before these vulnerable periods [3].

Tightening access controls and monitoring, especially on browser activity and unusual outbound connections during low-staff periods, is also crucial [2]. MSPs and IT security teams must treat holiday and weekend periods as elevated risk windows requiring proactive defense rather than downtime [2][3].
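As an added example (not code from the article or any of its cited sources), a small detector for the two signals this section names: outbound connections to destinations a host never contacted while fully staffed, and the near-constant cadence of a hidden C2 channel, evaluated only inside an assumed Memorial Day 2024 low-staff window. The log format, hostnames, destinations and the window itself are constructed.

```python
# Added example for this article (not from any cited source): flag unusual
# outbound connections during a low-staff holiday window. Log format, hosts,
# destinations and the Memorial Day 2024 window below are constructed.
from collections import defaultdict
from datetime import datetime

# Assumed low-staff window: Friday evening through Tuesday morning.
WINDOW_START = datetime(2024, 5, 24, 17, 0)
WINDOW_END = datetime(2024, 5, 28, 8, 0)

# Constructed outbound log, oldest first: date time source_host destination bytes_out
LOG = """\
2024-05-20 09:12:00 WS-014 updates.example-vendor.test 2048
2024-05-21 10:05:00 WS-014 mail.example-corp.test 512
2024-05-22 11:00:00 WS-022 mail.example-corp.test 640
2024-05-25 02:00:00 WS-014 198.51.100.23 1200
2024-05-25 03:00:00 WS-014 198.51.100.23 1180
2024-05-25 04:00:00 WS-014 198.51.100.23 1210
2024-05-25 09:30:00 WS-022 mail.example-corp.test 700
""".splitlines()

def parse(lines):
    """Return (timestamp, host, destination) tuples; byte counts are unused here."""
    out = []
    for line in lines:
        date, time, host, dst, _bytes = line.split()
        out.append((datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), host, dst))
    return out

def new_destinations(events, start=WINDOW_START, end=WINDOW_END):
    """In-window (host, destination) pairs never seen while fully staffed, with hit counts."""
    baseline = {(h, d) for ts, h, d in events if ts < start}
    counts = defaultdict(int)
    for ts, h, d in events:
        if start <= ts < end and (h, d) not in baseline:
            counts[(h, d)] += 1
    return sorted((h, d, n) for (h, d), n in counts.items())

def beacon_candidates(events, start=WINDOW_START, end=WINDOW_END, min_hits=3, tol=0.1):
    """Pairs contacted at near-constant intervals in the window (C2-like cadence); mean gap in seconds."""
    times = defaultdict(list)
    for ts, h, d in events:
        if start <= ts < end:
            times[(h, d)].append(ts)
    hits = []
    for (h, d), stamps in times.items():
        if len(stamps) >= min_hits:
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            mean = sum(gaps) / len(gaps)
            if mean > 0 and all(abs(g - mean) <= tol * mean for g in gaps):
                hits.append((h, d, mean))
    return sorted(hits)
```

Run on the constructed log, WS-014's hourly contacts with 198.51.100.23 appear in both lists, while WS-022's mail traffic is suppressed by the pre-holiday baseline.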

Recent Developments

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance in 2022 about criminal ransomware groups targeting companies during nights and weekends [6]. Volt Typhoon, a hacking group linked to the People's Republic of China, is an ongoing threat to critical infrastructure [7].

Jon France, CISO of ISC2, stated that malicious actors can take advantage of people stepping away from their computers during holidays and staffing shortages [8]. Incident response teams should have alerts set up and be prepared to return to the office in case of an attack during holiday weekends, according to Wichman [9].

In conclusion, addressing the increased cyber risk during holidays and weekends requires a proactive approach, combining technological advancements, strategic planning, and vigilant staffing to ensure continuous protection when human coverage is reduced [1][2][3]. Organisations must be aware of these trends and take the necessary steps to protect themselves from cyber threats.

References:

[1] Microsoft. (2023). The Cyber Safety Review Board is investigating the state-linked compromise of Microsoft Exchange Online. [Online] Available at: https://www.microsoft.com/en-us/security/blog/2023/05/20/the-cyber-safety-review-board-is-investigating-the-state-linked-compromise-of-microsoft-exchange-online/

[2] Sophos. (2023). 90% of ransomware attacks occur outside of normal work hours. [Online] Available at: https://www.sophos.com/en-us/threat-intelligence/threat-reports/2023/state-of-ransomware.aspx

[3] ISC2. (2023). 2023 workforce study highlights security staff shortage. [Online] Available at: https://www.isc2.org/-/media/files/news/2023/04/isc2-2023-workforce-study-results.pdf

[4] KrebsOnSecurity. (2023). Kaseya ransomware attack: What we know so far. [Online] Available at: https://krebsonsecurity.com/2023/07/kaseya-ransomware-attack-what-we-know-so-far/

[5] GreyNoise Labs. (2023). GreyNoise Labs identifies ongoing targeting of home office routers. [Online] Available at: https://www.greynoiselabs.com/blog/home-office-router-targeting/

[6] FBI. (2022). FBI, CISA issue joint statement on ransomware. [Online] Available at: https://www.fbi.gov/news/pressrel/press-releases/fbi-cisa-issue-joint-statement-on-ransomware

[7] CyberScoop. (2023). FBI: Volt Typhoon is ongoing threat to critical infrastructure. [Online] Available at: https://www.cyberscoop.com/fbi-volt-typhoon-critical-infrastructure-threat/

[8] ISC2. (2023). ISC2 chief security officer warns of holiday cybersecurity risks. [Online] Available at: https://www.isc2.org/-/media/files/news/2023/05/isc2-ceo-warns-of-holiday-cybersecurity-risks.pdf

[9] Semperis. (2023). Semperis director offers Memorial Day cybersecurity advice. [Online] Available at: https://www.semperis.com/blog/memorial-day-cybersecurity-advice/

  1. To counter the surge in ransomware incidents during holidays and weekends, it's crucial for organizations to employ 24/7 autonomous AI-based threat detection for continuous vigilance and prompt response.
  2. In order to plan for holidays and weekends effectively, organizations should ensure clear incident response paths, escalation procedures, and on-call coverage with appropriate backups, reducing the risk of delayed response during off-hours.
  3. Pre-holiday hardening of systems, including patching, vulnerability scans, privilege reviews, and temporary disabling of non-essential access and remote admin rights, can help organizations minimize attack surfaces during vulnerable periods.
  4. Tightening access controls and monitoring, especially on browser activity and unusual outbound connections during low-staff periods, is essential for MSPs and IT security teams to maintain security proportional to lowered staffing.
  5. Planning for proactive defense rather than treating holiday and weekend periods as downtime is crucial, as evidenced by the ongoing threat from groups like Volt Typhoon targeting critical infrastructure during these low-staff periods.
