FBI and CISA warn that cybercriminals don’t take holidays

The FBI and CISA (the Cybersecurity and Infrastructure Security Agency) have jointly issued an advisory to organisations, warning about an increase in the number of attacks coinciding with weekends and holidays.

With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about their network defences, and “engage in preemptive threat hunting on their networks to search for signs of threat actors.”

To underline their point, the FBI and CISA have warned that they have noted a trend for ransomware and other cyber attacks to occur at times when offices are normally closed. To underline the seriousness of the issue, the agencies have detailed three major ransomware attacks in recent months that coincided with holiday weekends, causing significant disruption:

In May 2021, leading into Mother’s Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a US-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and — as a secondary form of extortion — exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand. In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting US and Australian meat production facilities, resulting in a complete production stoppage. In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a US-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations — including multiple managed service providers and their customers.

The high-profile cases highlighted by the FBI and CISA emphasise an important principle of cybersecurity – malicious hackers don’t take holidays.

A cyber attack could be launched against your organisation at any time of day or night, on any day of the year. And if an attacker has a choice between hitting your business when its IT security department is present and fully-staffed and when it isn’t – well, which one do they think they will choose?

Time and time again we see cybercriminals strike at weekends or on the eve of a major holiday – knowing that for many organisations it is likely to take them longer to respond and limit the damage caused.

CISA and the FBI may not have definite evidence that attacks are planned to coincide with the Labor Day weekend, but we would be fooling ourselves if we believed that hacking gangs weren’t very aware that many organisations will be operating a slimmed-down security team over this and other holidays.

As Tripwire VP Tim Erlin adroitly puts it, “Attackers don’t take the weekends off, and neither should your cybersecurity.

Take measures now to reduce the chances of a successful ransomware attack against your company. Check out these 30 ransomware prevention tips to harden your business’s defences, all year round.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.