On Aug. 31, the Federal Bureau of Investigation (FBI) and the Cybersecurity Infrastructure Security Agency (CISA) issued a Joint Cybersecurity Advisory urging organizations to ensure they protect themselves against ransomware attacks during holidays and weekends – when offices are normally closed.
The Joint Cybersecurity Advisory explains that while there are no specific threat reports indicating a cyberattack will occur over the coming Labor Day weekend, there has been a rise in cyberattacks during holidays. CISA and the FBI explain that entities should be especially diligent in network defense practices based on recent threat actor tactics, techniques, and procedures (TTPs). The Joint Cybersecurity Advisory advises organizations to engage in preemptive threat hunting on their networks. For indicators of suspicious activity that threat hunters should look for and recent examples of holiday cyberattacks, view the Joint Cybersecurity Advisory.
In conjunction with the Joint Cybersecurity Advisory, CISA issued an Alert recommending that organizations identify IT security employees to be available and “on call” during holidays in the event of a ransomware attack. Additional actions that organizations can take that may reduce their risks and impacts of compromise include the following:
- Make an offline backup of your data.
- Do not click on suspicious links.
- If using Remote Desktop Protocol (RDP), or other potentially risky services, disable if possible and secure and monitor if necessary.
- Update your operating system and software; scan for vulnerabilities.
- Use strong passwords, consider changing them now.
- Implement and use multi-factor authentication wherever possible.
- Secure your network(s): implement segmentation, filter traffic, and scan ports.
- Secure your user accounts.
- Have a hard copy of your incident response plan, and review and update where needed.
For more resources see the Alert (AA21-243A) issued by CISA in conjunction with the Joint Cybersecurity Advisory discussed above.
