Ho, Ho, Ho! Ransomware Attacks Aplenty Expected During Holidays
Lack of preparedness intensifies the impact of holiday/weekend attacks.
![Ransomware Santa Christmas](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt0be44f41f3548719/65243c5fbbdcab304eef8fbb/Ransomware-Santa-Christmas.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: Is there any evidence to back up fears of upcoming holiday/weekend cyberattacks? If so, how?
Cybereason’s Israel Barak: All of the most disruptive ransomware attacks in 2021 occurred over the weekend or on major holidays. This is more than a trend. Ransomware operators understand when to hit organizations for maximum impact and the best chance at a big ransom payday. This, and the fact that the FBI/Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the tactic, should be enough to prompt organizations to take steps to be better prepared and reverse the advantage this adversary is leveraging.
CF: Is there any evidence that organizations are better prepared to prevent/fight off ransomware attacks this holiday season? If so, how?
IB: Awareness around the potential for significant operational disruption from a ransomware attack has never been greater, but this study shows that there is still a lot more to be done in order to undermine the adversaries’ confidence that organizations have temporal weak spots that can be exploited. The attackers need to know that organizations are prepared to successfully defend against an attack no matter when it occurs.
CF: What do organizations need to be doing over the weekend to protect themselves?
IB: Aside from their standard security operations, we included several other steps organizations can take to improve their security posture during these off-hours periods in the report.
Among those are: practice good security hygiene, ensure key players can be reached any time of day, conduct periodic table-top exercises and drills, ensure clear isolation practices are in place, and more.
To better prepare for weekend and holiday ransomware attacks, 68% of security professionals polled said they are planning to add new technologies, 51% said they are implementing a contingency plan, and 41% said they are adding more staff during weekend and holiday periods.
Despite constant warnings about weak passwords, the most popular password in the United States remains 123456. It’s also the most popular worldwide.
That’s according to NordPass’ latest list of the top 200 passwords globally.
The top 20 most common passwords in the United States are:
1. 123456
2. password
3. 12345
4. 123456789
5. password1
6. abc123
7. 12345678
8. qwerty
9. 111111
10. 1234567
11. 1234
12. iloveyou
13. sunshine
14. monkey
15. 1234567890
16. 123123
17. princess
18. baseball
19. dragon
20. football
Overall, in the United States, 150 passwords out of the 200 can be cracked in less than a second. That’s 75%, whereas globally, the percentage is 84.5%.
Jonas Karklys is NordPass’ CEO. He said the latest list mainly says two things about people.
“Firstly, people do not entirely consider their online safety when they create passwords,” he said. “Weak passwords make it easy for hackers and fraudsters to obtain personal information, which can be highly damaging to the users, and yet weak passwords continue to dominate the top password lists. Secondly, people are fatigued when it comes to passwords specifically. According to research, a single person has around 100 passwords on average, which is why it is no wonder that simple passwords seem like the easy solution to the problem of having to remember strong passwords.”
Obtaining access to a single account could possibly lead to multiple accounts being compromised, Karklys said. If your account has personal information in it, there may be a chance of your data getting stolen and ending up used for various crimes such as identity theft or fraud.
“People tend to make various mistakes when choosing passwords and these mistakes can all lead to accounts getting hacked,” he said. “Some common mistakes include using words you can find in the dictionary, using personal information such as your name or birth date, or using predictable keyboard combinations such as qwerty [top line of a keyboard], 123456 and so on. Users also tend to use a lot of cultural references, such as, for example, football team names, cartoon characters and so on. Also, many use positive, loving words and phrases, such as iloveyou. All of these are incredibly insecure as they could be hacked in less than a second.”
Passwords are weaker this year than last year and people’s habits haven’t improved at all, Karklys said. Fewer passwords on last year’s list could be cracked in less than a second.
A new survey of more than 200 IT leaders in the United States finds that while 95% of businesses are making multicloud a strategic priority in 2022 with security being top of mind, only 54% feel highly confident that they have the tools or skills they need to execute.
In fact, when it comes to multicloud operations in general, 76% of respondents believe it is “underinvested” at their respective companies.
Valtix released the survey conducted by an independent research firm. It reveals the top challenges, opportunities, and strategies IT leaders are dealing with when it comes to multicloud security.
More than half of IT leaders resist moving to multiple cloud platforms due to added security complexities, even though 92% of them know at some point business growth will demand it. Eighty-two percent agree the complexities of implementing and managing multicloud security have slowed down business agility. As a result, most companies face a substantial gap between multicloud security and the cloud needs of a business, which many believe will drive the next wave of high-profile security incidents if not prioritized.
Douglas Murray is Valtix’s CEO.
“IT leaders are entering 2022 in a precarious state when it comes to multicloud security,” he said. “They are underfunded, underskilled and inefficient at executing on security within multicloud strategy. The reality is that managing several cloud providers multiplies threats, work and headcount. With multicloud becoming more relevant in 2022, organizations are looking to find the best solutions to implement multicloud security policy and visibility.”
Tim Bach is vice president of engineering at AppOmni, a SaaS security management platform provider.
“It’s not surprising that a majority of IT leaders are concerned about multicloud expansion given they are frequently expected to address cloud security concerns without having the tooling to do that job in a secure, efficient way,” he said. “Whether their focus is on security monitoring for cloud infrastructure providers, such as Google Cloud, AWS and Microsoft Azure, or the increasingly more complex security needs for the dozens of SaaS platforms their businesses rely on, CIOs and CISOs are expected to manage security controls and monitoring for an increasing number of clouds that house more and more sensitive data and critical business processes.”
CyberArk and Recorded Future have joined the XDR Alliance. These newest member additions extend identity security and threat intelligence expertise to the alliance’s technical scope.
Exabeam unveiled the XDR Alliance in August during Black Hat. The alliance is a partnership of cybersecurity and IT innovators committed to an inclusive and collaborative extended detection and response (XDR) framework and architecture.
The goal of the XDR Alliance is to foster an open approach to XDR to allow organizations to protect themselves against the growing number of cyberattacks, breaches and intrusions. Alongside Exabeam, founding members of the alliance included Armis, Expel, ExtraHop, Google Cloud Security, Mimecast, Netskope and SentinelOne.
Clarence Hinton is CyberArk’s chief strategy officer and head of corporate development.
“Stemming the tide and impact of increasingly targeted and damaging attacks takes a community of partners to help organizations secure identities, and detect and respond to ongoing threats,” he said. “Drawing from our existing partnerships and integrations with several XDR Alliance members, joining this alliance allows CyberArk to expand on the promise of identity security, centered on privileged access management, to enable enterprises to take a security-first approach to identity-related risk.”
John Searby is Recorded Future’s vice president of channels and alliances.
“Recorded Future is committed to providing partners and clients with intelligence that is transparent and free of bias so they can make confident decisions for their organization,” he said. “Integrating into a well-designed detection and response framework maximizes the value of our intelligence and makes it truly actionable. As such, we’re thrilled to be joining the XDR Alliance as the first intelligence provider to help organizations better protect themselves so business can be conducted with confidence.”
Nothing says the holidays like decorations, parties, presents, mistletoe and now, apparently, ransomware.
Cybereason has published a global study of more than 1,200 security professionals at organizations that have previously suffered a successful ransomware attack on a holiday or weekend. The study highlights the disconnect between organizational risk and preparedness.
Among the key takeaways:
Ninety percent are concerned about upcoming holiday/weekend ransomware attacks. However, nearly one in four said their organizations do not have a specific plan or policy in place.
Eighty-six percent report missing a holiday or important weekend activity with family and friends.
Seventy percent report being forced to respond to a ransomware attack while intoxicated to get the job done.
Lack of Preparedness Intensifies Impact
The lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organizations. Sixty percent of respondents said it took longer to assess the scope of an attack. One-half said they needed more time to mount an effective response. Furthermore, one-third (33%) said they needed more time to fully recover from the attack. This research validates the assumption that it takes longer to assess, mitigate, remediate and recover from a ransomware attack over a holiday or weekend.
The retail and transportation sectors present high-value targets for ransomware attackers, according to Cybereason. That’s because the potential for disruption and lost revenue increase incentives for victims to pay higher ransom demands.
Nearly 70% in both retail and transportation said a previous ransomware attack was successful because they didn’t have the right security solutions in place. In addition, one in four (24%) said their organizations still don’t have a specific contingency plan to address the risk from weekend and holiday attacks despite previously having been a victim.
To learn more, we spoke with Israel Barak, Cybereason’s chief security information officer.
Channel Futures: What are the most surprising findings in this study?
Israel Barak: Despite having already been a victim of a ransomware attack, too many organizations still do not have the most basic technologies in place to prevent being a victim again — such as endpoint prevention like next-generation antivirus (NGAV) or endpoint detection and response (EDR) for proactive threat hunting and early detection of RansomOps.