All I Want for Christmas Is
It has become an annual occurrence. Every year, pre-Thanksgiving up to the Christmas period, organizations are warned multiple times to anticipate the cyberattacks that affect organizations of all sizes. The Albany County Airport Authority, Sodinokibi ransomware attack in December 2020, and Magecart attack during Black Friday this year, are such examples where holiday seasons have become a targeted period for threats, as well full-scale ransomware attacks.
What Should Organizations Be Aware of?
FBI and CISA agencies have recognized similar trends before the Memorial and July 4th holidays, with the end-of-year holiday season joining that list. The Christmas holidays and in particular the holiday weekend is being seen by attackers as the most ‘ideal attack window’ in which they can exploit networks and systems.
Almost all forms of ransomware can cripple IT infrastructure and completely stop a business from running, but there are some specific ransomware examples that should be watched for during the holiday season. These include ‘LockBit, Zeppelin, Crysis/Dharma/Phobos, PYSA, Conti, and RansomEXX. However, it’s important to note, this is not an exhaustive list but rather a group of commonly reported ransomware over the past few months in the run-up to December.
Both the FBI and CISA have highlighted two primary areas of best practices where organizations should preemptively plan for in the run-up to the holiday weekend: establishing foundational cyber hygiene best practice and proactive monitoring.
- Backing up data regularly
- Assess 3rd party vendor security posture for any suspect activity
- Auditing of admin accounts and configuring access control to least privilege
- Ensure alerting mechanisms are automated
- Deployment of endpoint detection and response, SIEM solutions, and other intrusion detection methods
- Development of a readiness and response plan in case of a ransomware attack
- Regularly assess data logs for anomalies
- Apply a behavior-based monitoring approach for endpoint, network, and user activity
- Monitoring abnormal inbound/outbound network traffic
- Irregular login activity/privilege escalation attempts
- Development of a threat hunting plan based on various approaches (e.g. structured/unstructured, intel-based hunting, etc.)
The mid-market and large enterprise landscape must understand that preemptive steps for security are not limited to the above commentary, but rather, an all-encompassing security posture plan that involves preventative and detection procedures, and dynamic threat hunting activity is the best way to help tackle potential ransomware threats. For more detailed FBI and CISA recommendations, access Alert (AA21-243A).
TEST Your Email Security : Click Here
Instant Security Scorecard
WHAT IS CYBER SECURITY?
Cyber Security is the protection of Internet-connected computer systems from cyberattacks such as theft or damage to the hardware, software or data, as well as from disruption of the services provided. It is all about protecting the organization data, devices and users.
WHAT IS CYBER SECURITY ASSESSMENT?
Cyber Security Assessment is the process of evaluating, analyzing and identifying the risks, gaps, and inconsistencies that may make an organization, a network, or a user susceptible to cyber-attacks. It identifies the assets that could be affected and provides supervision to eliminate those risks to ensure the overall protection of your users, organization and organization data.
WHY SHOULD I USE AN INSTANT CYBER SECURITY ASSESSMENT?
An instant Cyber Security Assessment will identify the risks, gaps and inconsistencies in your environment for you and help you contact with professionals to eliminate those identified risks, gaps and inconsistencies. In other words, it will help you take necessary measures to eliminate attacks before they happen so that you won’t have to spend any time or resource for recovery or remediation.
HOW DO YOU COLLECT THE DATA?
Comodo Security Scorecard continuously collects data from publicly available and open-source feeds across the Internet for an outside-in, hacker perspective of an organization’s cyber security posture. The collected data is then analyzed by our machine-learning and AI backed engines, as well data scientists and a score for 10 key categories and for an overall grade are calculated.
HOW LONG IS MY SCORE ACTIVE?
Your score will be active and reachable for 30 days and you can ask for another assessment with the same email account after 30 days. Please note that your score might change in this 30-days span as the assessments are live and retrieved again any time you click the link to view your score.
DOWNLOAD A SCORECARD TO LEARN:
- If hackers are buying and selling your stolen credentials
- DNS Health Ranking
- Software Patching
- Work email addresses on social platforms
- Company domains available on the internet
- How your security risk changes over time
- How your security posture ranks against competitors
Here is the link to get your scorecard
Keep an eye in my blog for more security tips
How to Videos
Happy Festive Season