How to deal with cyberattacks this holiday season – tripwire.com

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised heightened caution about online impersonation scams and phishing campaigns. Looking back at 2021, studies show a 30% increase in ransomware attacks, and a 70% increase in attempted ransomware attacks during the holiday season, compared to the monthly average. It is clear that the holiday season exposes many organizations to an increased risk of cyberattacks.
The Hacker News has defined a list of the most common cyber-attacks that occur during the holiday season.
Ransomware is the most active malware and affects many organizations, mainly during the holiday season; it denies access to data until a ransom is paid. According to the 2022 IBM Cost of a Data Breach Report, ransomware costs an average of $4.54 million, which is higher than the average cost of a breach of $4.35 million. Ransomware represented a greater portion of the breaches this year. Threat actors can execute ransomware through malicious links in a phishing email or through malicious code in a hijacked website. Defensive techniques, such as proper email filtering, strong password policies, and least privilege access can reduce the risk of becoming a ransomware victim.
Emails offering various unbelievable offers and deals, disguised as originating from legitimate companies, are the most common tactic of email fraud during the holiday season. Email fraud also includes false alerts about services that someone has subscribed to, such as bank or telecommunication services, which request personal details in order to repair the alleged problem.
The IBM report indicates that 16% of the attacks were phishing attacks, which cost an average of $4.91 million. Maintaining phishing email filters, disallowing downloading of attachments, and cybersecurity training will reduce the risk of phishing attacks.
Data breaches can happen through various cyber-attacks, such as malware infection, phishing, ransomware, and password attacks. These attacks mainly occur because employees are more distracted during the holiday season, and through negligence in not following security protocols properly.
Due to the massive amount of important data being circulated online during the holiday season, threat actors are motivated to capture as much valuable data as possible. Of course, security awareness training and maintaining a security culture can prevent breaches at their earliest stages. One strategy to raise awareness during this festive period could include holiday-themed security messages.
Interruption of a business’s resources due to a DDoS attack is a considerable loss that a company cannot tolerate. It would lead to dissatisfied customers, loss of revenue, and damage to the reputation of the brand. DDoS attacks are not as popular as they were, due to the relative ease of launching a ransomware attack, so this attack type is no longer high on most risk registers.
However, this should not prevent an organization from assessing the risk, as well as the possible impact of such an event. Organizations need to prepare their assets and technologies to withstand DDoS attacks. Most internet service providers offer DDoS prevention services, and this should be weighed against the risk.
The most common way that a threat actor would try to compromise a system is through breached passwords. Compromised credentials remain the most common initial attack vector. Therefore, organizations need to implement strong password protection policies and protocols among employees. The latest password managers offer corporate-class versions that can remove a lot of the problems associated with weak and reused passwords. Multi-factor authentication is also a requirement to further protect against brute-force password attacks.
Many statistics have shown that cyberattacks increase during the holiday season, and both businesses and consumers are widely affected. Phishing and ransomware attacks are the most frequent attacks, and threat actors are highly attentive during the holidays to take advantage whenever possible.
Since many employees are distracted during the festive season, and due to the increase in online transactions, cyber-attacks are more likely to take place. Therefore, it is crucial that organizations have proper cyber security strategies in place to prevent these attacks and protect their systems and customers.
Dilki Rathnayake is a Cybersecurity student studying for her BSc (Hons) in Cybersecurity and Digital Forensics at Kingston University. She is also skilled in Computer Network Security and Linux System Administration. She has conducted awareness programs and volunteered for communities that advocate best practices for online safety. In the meantime, she enjoys writing blog articles for Bora and exploring more about IT Security. 
Twitter: @sys_r00t
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
