Cybersecurity Experts: July 4th Weekend Ripe for Ransomware, Other Attacks
Russia definitely has motivation to exploit the July 4th holiday in some way.
John Bambenek is principal threat hunter at Netenrich.
“Any time there is an extended holiday, ransomware operators use it as an opportunity to be spiteful and to take advantage of lower staffing levels,” he said. “Any ransomware group planning to use the Fourth of July is already in the network with the access they need and waiting to strike. Here, automated protection is key, for instance, to prevent PowerShell from being used to deploy malware across an environment when no one is around to raise alarm bells.”
Aaron Turner is Vectra’s CTO, SaaS Protect. He said a significant majority of cyberattacks now are executed by people with profit motivations. The longer victims take to respond, the greater the likelihood that the attackers can maximize their opportunities.
“While ransomware attacks are the focus today, the trend of attackers exploiting vulnerabilities during holidays is one that has been in place for decades,” he said. “With IT workers wanting to enjoy a holiday with friends and family, security teams may not be fully staffed, administrators with privileges to stop attackers in their paths may not answer calls or emails as quickly, and those reduced resources and delayed responses result in an advantage for attackers.”
In years past, enemies of the United States have attempted to embarrass U.S. government and military cybersecurity teams around July 4th, Turner said. At this time of elevated risk due to the Russia/Ukraine conflict, Russia definitely has motivation to exploit the holiday in some way.
“Whether it is a nation-state attack attempting to score a virtual victory against the U.S. or a lowly ransomware operation looking to extract some cryptocurrency from an understaffed company whose IT team is taking some time off for the national holiday, there is surely going to be some cyberattack action this coming holiday weekend,” he said.
Sammy Migues is principal scientist at Synopsys.
“Distractions — like holidays — are distracting to companies, people, and even bots (that might get overwhelmed with data while no one’s paying attention to care and feeding),” he said. “Magic works by sleight of hand. Attackers might spend months surveilling an organization, but holidays are a good time to do the noisy parts of attacks, such as credential stuffing on web servers, trying to spoof VPNs, pretexting to call centers, and so much more because the victim is less likely to notice the person behind the curtain.”
Phil Neray is CardinalOps’ vice president of cyber defense strategy.
“Apart from the usual sage advice on ransomware — make sure you’re up to date on patching and backups, and have already implemented multifactor authentication (MFA) — I recommend making sure you have 24×7 security operations center (SOC) personnel monitoring your networks for any unauthorized or suspicious activity, so they can quickly shut down an attack before it reaches your crown jewels,” he said. “Even the most rigorous patching regime can’t protect against one of your trusted suppliers being compromised in a supply chain attack or one of your users having their credentials stolen, so rapid detection and response is essential.”
Brian Spanswick, Cohesity’s CISO, said he wouldn’t be surprised if cybercriminals have July 4th circled on their calendars.
“As we approach this holiday weekend, it’s a great reminder that IT and security leaders must work together to safeguard customer and employee data, and have a data security strategy in place that’s not only focused on prevention, but also on protection, detection and recovery,” he said. “Our recent research shows that collaboration between IT and security teams is often subpar. More than 80% of IT and SecOps decision makers agree their organizations would be better prepared to recover from cyber threats, including ransomware attacks, if these groups collaborated more closely. So, to keep bad actors at bay and help ensure business continuity, including during and after the Independence Day holiday, now is the time to optimize collaboration and prioritize next-gen data management that’s in line with the NIST Cybersecurity Framework.”
George Axberg is vice president of data protection at Vast Data.
“The Fourth of July, and other long holiday weekends, are historically some of the biggest windows for ransomware attacks,” he said. “The onslaught of ransomware has spawned a digital pandemic in which any organization can suffer crippling attacks and disastrous outcomes. For many organizations, it’s not an if scenario, but rather a when or a how often they will be targeted.”
Taking proactive measures to protect and harden backup data, while providing optimized restore speeds, should be among organizations’ top priorities in the ransomware era, Axberg said.
Last year, on the eve of the July 4th weekend, the REvil ransomware gang attacked Kaseya, creating a nightmare for the company and its customers.
The Kaseya attack impacted nearly 50 customers. That included 35 MSPs. About 1,500 of their customers also suffered. The attackers breached Kaseya VSA, its remote monitoring and management (RMM) service. All of the MSPs were using the VSA on-premises product.
Earlier this year, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned organizations to brace for potential attacks during holidays, particularly holiday weekends.
The FBI and CISA don’t have specific information regarding cyber threats coinciding with upcoming holidays and weekends. Cybercriminals, however, may view holidays and weekends, especially holiday weekends, as attractive time frames in which to target potential victims, including small and large businesses.
Should organizations be on high alert as the July 4th weekend approaches? Cybersecurity experts we polled said there’s good reason for organizations to be on alert for potential attacks.
Preparing for the July 4th Weekend Threat
Matthew Warner is Blumira’s CTO and co-founder.
“Threat actors are opportunistic, and they know that IT and security teams will be limited over holiday weekends,” he said. “Before the weekend, organizations should ensure that their systems are fully patched to prevent an attacker from exploiting potential vulnerabilities. It is always extremely important that organizations focus on detecting the first three steps of a ransomware attack: discovery, gaining a foothold, and escalating privileges. Detection, in addition to being aware as to what data you hold, will allow you to quickly respond to attacks and worst case be sure of post-exploitation handling of a ransomware event.”
John Fokker is Trellix’s head of cyber investigations.