December 23, 2024


Holiday Season Cyber Attack Patterns: How They Impact Enterprise Operations

The holiday season is a time when hardworking employees relax — and hardworking threat actors look for their next victims. As workers buy more products online, take seasonal trips, and give in to holiday distractions, large organizations become tempting targets for cyber attacks. Phishing, ransomware, and similar threats may be even more effective than usual in the last few months of the year. That means the impact of cyber attack strategies can also be more significant.

Phishing schemes sound more plausible when your staff is working remotely and relying on their personal devices. Ransomware is difficult to dislodge from a system if the IT department is on break. The best way to mitigate these threats is to strengthen your cybersecurity framework and ensure employees know how to spot and respond to common scams. With a solid plan in place, you’ll have peace of mind during the holidays and a stronger security posture going into the new year.

Common holiday cyber attack strategies

During the holidays, everyday consumers face a variety of cyber threats, including:

  • fake e-commerce sites;
  • “missing package” notifications;
  • phony charities;
  • gift card scams;
  • and all types of phishing schemes.

Threat actors employ many of the same tactics when seeking login credentials for enterprises. Potential attackers learn a little bit about their target, present just enough pretext for a plausible story, acquire sensitive information, then use that information to steal or extort money.

Phishing campaigns

Of all the forms of social engineering, phishing is one of the most common — and most successful. Just about everyone with a cell phone has seen a mobile phishing scam at some point. A threat actor sends a message to the intended victim, pretending to be a trusted entity — a friend, coworker, utility supplier, delivery company, or bank, for example.

Whether they spin urgent stories to discourage discretion or point users to phony sign-in pages, the end goal is the same: to steal a legitimate user’s login credentials for a system that contains valuable information.

At large organizations, employees should be on guard for:

  • Smishing is phishing via text message or Short Message Service (SMS). It can be especially convincing during the holidays since workers often travel and communicate via their personal mobile devices.
  • Spear phishing is a targeted phishing attack in which the threat actor learns all about the victim beforehand. By pretending to be a coworker or vendor — and providing “facts” to prove their identity — an attacker can angle for credentials in a way that’s more convincing and effective than spamming a whole organization.
  • Whaling is also called executive impersonation. In these attacks, a threat actor pretends to be the CEO or another high-ranking official in a target’s organization. This can be an effective form of phishing since the attacker can threaten to punish the target if they don’t comply.

Ransomware programs

Once a threat actor gains access to your network, installing ransomware is often the next step. Ransomware is a type of malware that encrypts your files and then demands money in exchange for the decryption code — which the attacker may or may not actually provide. The median cost of a cyber attack involving ransomware is about $46,000.

While security researchers have successfully decrypted some types of ransomware, other types are essentially unbreakable. If your organization falls victim to a ransomware scheme, your best option is to restore your system from your most recent backup. Unless you back up your entire network every day, though, the best-case scenario may still mean losing some vital data.

Supply chain attacks

No matter how well you lock down your organization’s systems, you can’t guarantee that the people who developed your software and hardware have done the same. Threat actors can also exploit known vulnerabilities in the computer programs, cloud services, mobile apps, networking devices, or online infrastructure that you use. This is known as a supply chain attack. Because these third-party tools often require extensive permissions, attackers can compromise entire networks by targeting one small (and easily exploitable) piece of the system.

Supply chain attacks come in many forms. Threat actors could inject malicious code into open-source databases, replace real sign-on pages with convincing copycats, or hide malware in automatic updates for legitimate programs. This type of attack could be particularly effective during the holidays, as manufacturers may not have the resources to patch zero-day vulnerabilities until after the new year.

How to mitigate the impact of cyber attack patterns

The impact of cyber attack patterns can be particularly intense during the holidays. Employees who are focused on shopping and cooking plans may fall for phishing attempts they’d normally see right through. An attacker who breaches an organization’s defenses may have hours rather than minutes before someone notices and kicks them out. A traveling worker’s personal computer may be susceptible to malware that an office computer would block.

Mitigating cyber risks during the holidays requires a little extra planning and accountability. However, the basic principles remain the same all year round.

Strengthen your cybersecurity framework

The stronger your cybersecurity framework, the less likely you are to suffer a data breach. Your framework encompasses everything you do to safeguard your organization’s digital assets, from installing comprehensive security suites to continuously monitoring systems for potential intruders. Implementing a security service edge (SSE) solution, for example, can protect users and data regardless of their location or preferred device, while a mobile endpoint detection and response (EDR) solution can identify and protect against threats like mobile phishing.

During the holidays, following zero trust principles is a particularly effective way to keep employees and files safe. Zero trust systems assume that any login — even one with a correct username and password — could be from a compromised account. Employees must prove their identities with multi-factor authentication (MFA) codes, frequent logins, recognized IP addresses, and so forth. Zero trust is an invaluable approach when employees work from unfamiliar locations and devices.
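
The checks described above can be combined into a per-request access decision in which a correct password is never enough on its own and the allowed age of an MFA proof depends on the source network. The following Python is an added example, not code from the original article or from any product; the network range, re-authentication windows, and all names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed policy values (not from the article); tune to your environment.
RECOGNIZED_NETWORKS = [ip_network("198.51.100.0/24")]  # constructed office range
REAUTH_RECOGNIZED = timedelta(hours=8)       # MFA lifetime on a recognized network
REAUTH_UNRECOGNIZED = timedelta(minutes=15)  # much shorter from anywhere else


@dataclass
class Request:
    password_ok: bool
    last_mfa: Optional[datetime]  # time of last successful MFA, None if never
    source_ip: str


def is_recognized(ip: str) -> bool:
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # an unparseable address is treated as unrecognized
    return any(addr in net for net in RECOGNIZED_NETWORKS)


def evaluate(req: Request, now: datetime) -> str:
    """Return 'deny', 'step_up' (require fresh MFA) or 'allow'."""
    if not req.password_ok:
        return "deny"
    # A correct password alone proves nothing: the account may be compromised.
    if req.last_mfa is None:
        return "step_up"
    max_age = REAUTH_RECOGNIZED if is_recognized(req.source_ip) else REAUTH_UNRECOGNIZED
    age = now - req.last_mfa
    # Reject stale proofs and timestamps from the future (clock skew or tampering).
    if age < timedelta(0) or age > max_age:
        return "step_up"
    return "allow"


if __name__ == "__main__":
    now = datetime(2024, 12, 24, 12, 0, tzinfo=timezone.utc)
    two_hours_ago = now - timedelta(hours=2)
    # Constructed requests: same user, same MFA time, office vs. hotel network.
    print(evaluate(Request(True, two_hours_ago, "198.51.100.7"), now))   # allow
    print(evaluate(Request(True, two_hours_ago, "203.0.113.50"), now))  # step_up
```

The same credentials and MFA proof that are accepted from the recognized range trigger re-verification from an unfamiliar network, which is the behavior you want when staff are traveling.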

Maintain business continuity

Business continuity refers to your ability to resume normal operations after a disruptive event. No matter how well you prepare, your organization may not be able to avoid a data breach. If a threat actor does manage to infiltrate your network, you can limit the damage by having a comprehensive plan in place. Consider the following questions:

  • How can you detect an intruder in your system?
  • What is your plan to remove the attacker?
  • What is your backup plan if the first one fails?
  • How will you know what data was compromised?
  • How quickly and reliably can you restore files from backups?
  • Who is responsible for dealing with the problem?
  • Who needs to be looped in as the situation escalates?
  • When will you contact your stakeholders and employees? What will you say?

Having a definitive chain of command — with backups at every step — is vital during the holidays, when employees may be scattered or unavailable. Remember: If you don’t know these answers in advance, you will have to scramble to come up with them during a cyber attack.

Educate employees

While threat actors can exploit vulnerabilities in hardware or software, it’s usually much easier to exploit vulnerabilities in people. If your staff can recognize every phishing, smishing, and whaling attack they encounter during the holidays, threat actors may find it much more difficult to gain a foothold in your network.

If your employees already know the signs of a social engineering attempt — false sense of urgency, threat of punishment, vague answers to specific questions — they have a solid foundation for avoiding holiday threats. Remind them to keep their devices up to date, especially while traveling, and to be especially skeptical of any requests from “coworkers” that don’t come through the proper channels.

Protect your staff from phishing and smishing

While threat actors will try all sorts of phishing schemes during the holidays, smishing and whaling are two of the most dangerous.

Since employees don’t know every coworker’s cell phone number, even simple smishing schemes may seem believable. Likewise, the average worker might not know the executive team well enough to detect an impostor. Check out our recent blog on executive impersonation, which explains the scams in detail, as well as how to mitigate the impact of cyber attack attempts, so you can rest easier this holiday season.

Urgent Text from the CEO? Think Twice Before Responding

Protect your organization from the rising threat of smishing and executive impersonation.

Book a personalized, no-pressure demo today to learn:

  • How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
  • Real-world examples of phishing and app threats that have compromised organizations
  • How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
