While most Americans look forward to the holidays, so do threat actors, who increasingly turn to these understaffed weekends to launch ransomware attacks. Companies and governmental organizations employ few, if any people going into extended weekends, so in a practical sense this means cybersecurity defenses may be lowered with many letting their guard down.
Earlier this week the FBI and CISA (Cybersecurity & Infrastructure Security Agency) issued their second alert in four months to stay vigilant going into a holiday weekend, this time with special emphasis on critical infrastructure. While they concede they have no direct knowledge of a specific threat, they do point to other 2021 ransomware attacks as reason to “urge all entities–especially critical infrastructure partners–to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats.”
Indeed, 2021 has been a productive year for ransomware purveyors, which several high-profile holiday-timed attacks.
Going into Mother’s Day Weekend, threat actors hit Colonial Pipeline with DarkSide ransomware, which burrowed deep into the energy giant’s IT network, resulting in a weeklong suspension of operations and countless gas lines as a “gas panic” took hold in the southeast. Attackers specifically chose Friday, May 7th for the attack, knowing many were preoccupied with Mother’s Day plans. In this brief moment of vulnerability, attackers infiltrated the network and encrypted and exfiltrated key data, threatening to publish it later unless Colonial paid up.
Over Memorial Day Weekend JBS, the world’s largest beef producer, was forced to close some of its facilities in response to a REvil (short for Ransomware Evil) ransomware attack that most experts attribute to non-state actors in Russia.
And, on the Friday going into the July 4th weekend, the largest ever ransomware attack was visited upon IT services provider Kaseya by the REvil ransomware gang. The attack affected thousands of companies in more than 17 countries.
To avoid falling victim to these and other attacks in the first place, the importance of an effective email security solution for organizations cannot be understated. Email remains the No. 1 threat vector for cybersecurity attacks, with 94% of threats starting with an email. The costs of these attacks can be devastating. The latest FBI report shows that email fraud represented the largest financial losses in 2020—nearly $1.9 billion—which is 44% of the total reported losses.
Further, 75% of ransomware is delivered by email, and email phishing has become the most profitable and popular method for threat actors to gain initial access to corporate networks. Fifty-seven percent of organizations experienced a successful credential phishing attack last year, and U.S. organizations are particularly vulnerable to people-centric attacks.
Phishing has a low entry barrier for cybercriminals with a high-value return. These emails are very easy to create, require little technical knowledge and most importantly, depend solely on one user clicking to succeed. Eighty-five percent of breaches involved a human element according to the most recent Verizon DBIR. Unfortunately, threat actors actively use social engineering to convince people to click a link or open an attachment—often by exploiting their instinctive decisions without proper vetting.
With this in mind, here are some tips on how to protect your organization:
(1) Protect email first. Defending the email vector should be your main focus and requires a mix of technology and training.
- a. Authenticate your corporate email domain. This blocks fraudsters from delivering messages from fake or lookalike domains. Check with your email service provider, like Microsoft Outlook or Google Mail on how to begin.
- b. Train employees to spot phishing attempts. This doesn’t mean lecturing them or walking thru a PowerPoint deck. It means hands-on, interactive training with regular drills featuring actual emails. The longer employees go without training / retraining, the worse they perform with spotting phishing attacks. Methods are always evolving, and so should the training curriculum. It should also be mandatory for every employee who touches the internet.
- c. Invest in a dedicated email security solution. The only thing safer than a and b is preventing employees from receiving malicious emails in the first place.
(2) Clarify what employees should do if they click a suspicious link or attachment. If employees aren’t sure how to report something, they won’t. Proofpoint recommends automated reporting, which lets employees report malicious email with the click of a button.
(3) Leave room for human error. Mistakes happen, so consider anti-phishing technology like remote browsers, in which URLs open in a special environment in the cloud. No matter what the URL contains, it can’t compromise the employee or their employer.
(4) Conduct ongoing security testing. Software vulnerabilities are another way intruders gain entry. Your company’s IT team—or a third party—should be actively looking for threats on your network.
(5) Mandate strong passwords and implement multi-factor authentication for remote access and administrative accounts.
(6) Identify surge teams. Pre-select a group of IT security professionals who can be available on holidays and weekends to surge in the event of an incident or ransomware attack.
(7) Ensure Remote Desk Protocols (RDPs) are secured and monitored.
Learn more about ransomware protection
Check out this page on the Proofpoint website to learn more about our market-leading solutions and mitigation strategies to help you defend against phishing, email fraud, ransomware and more.