Feds warn not to take a cyber vacation after hacking on holidays

Ahead of Labor Day weekend, the FBI and the Department of Homeland Security’s cyber arm urged companies and organizations to remain on alert for ransomware attacks. The alert follows a string of high-profile cyber incidents landing on holidays.

In a joint advisory, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said they “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends — when offices are normally closed — in the United States, as recently as the Fourth of July holiday in 2021.”

Earlier this year, an affiliate of the “REvil” cyber gang targeted software company Kaseya at the start of the July 4 holiday weekend, leading to the single largest ransomware attack to date.

The Russia-linked cyber criminals first gained notoriety after attacking meat processor JBS during Memorial Day weekend, extorting the company for $11 million in ransom.


And just before Mother’s Day weekend, Colonial Pipeline paid a $4.4 million ransom to the DarkSide group after being forced to shut down its operations. Its pipeline, stretching from Texas to the Northeast, delivers 45% of all fuel consumed on the East Coast. The FBI later recovered $2.3 million of the ransom from DarkSide, a Russia-based hacking group that used malicious software to hold the company hostage.

After the Colonial Pipeline incident, the TSA mandated that pipeline owners and operators designate “a 24/7, always available cybersecurity coordinator” – like a chief security officer – to coordinate with both TSA and CISA in the event of a cyber incident during a weekend or holiday. But there are no such requirements for a slew of other critical infrastructure sectors, including dams, public health and agriculture.

According to Tuesday’s joint advisory, the following ransomware gangs have been reported to the FBI most frequently in the past month:

  • Conti
  • PYSA
  • LockBit
  • RansomEXX/Defray777
  • Zeppelin
  • Crysis/Dharma/Phobos

The agencies recommend companies practice basic cyber hygiene to protect their networks, including: creating an offline backup of data, avoiding clicking on suspicious links, updating software and using strong passwords and multi-factor authentication.

“Cybercriminals have a long history of launching cyberattacks over long weekends, holidays and events like the Super Bowl,” said Tom Kellermann, head of Cybersecurity Strategy at VMware. “They are well aware of skeleton crews that are tasked to defend during these periods and how response times will be extended. Organizations must prepare in advance by implementing proactive threat hunting, as recommended by CISA.”

Last week, President Biden demanded chief executives of some of the largest technology companies in the U.S. – including Google, Amazon, Apple, Microsoft and IBM – do more to safeguard against cybersecurity threats.

That demand followed Mr. Biden’s June summit with Russian President Putin, at which he pressed for a crackdown on ransomware groups housed within Russian borders.