Cybersecurity Threat Advisory: Best practices for the holiday season
Barracuda MSP would like to wish everyone a happy holiday season! As organizations around the world are getting ready for some well-deserved time off, hackers are ramping up their infiltration efforts. Threat intel data indicates we will experience a sizable uptick in phishing, ransomware, and denial of service attacks. Here are best practices organizations and individual users should take to protect themselves from cyberthreats during the holiday season.
What is the threat?
The holiday season serves as an advantageous time for hackers to strike. Malicious actors tend to boost their efforts before holidays, as they attempt to take advantage of online consumers. Many end-users put cybersecurity on the back burner when either browsing the web or receiving emails with holiday deals, thus providing the perfect opportunity for attackers. Hackers increase their phishing campaigns by impersonating what someone might need during the holidays, including online marketplaces and charities.
Additionally, with many organizations winding down operations around this time, attackers ramp up the more serious hacking efforts as well. Last December, the Log4J vulnerability shook the tech world. The year prior, it was the SolarWinds compromise. Critical vulnerabilities impacting major technology systems such as Fortinet and Citrix have already been published. We anticipate additional vulnerabilities will be announced in the coming weeks and IT teams will need to respond quickly. It is critical to address the vulnerabilities in a timely manner to avoid threats such as ransomware, unauthorized access, data exposure, denial of service, etc.
Why is it noteworthy?
In recent years, malicious actors have increased their attacks against organizations on or around holiday seasons. It is the time when companies may be less equipped to protect against an attack that is most enticing to a hacker. Historically, the Barracuda SOC has seen a significant uptick in active incidents during the holiday season. Reviewing your overall security posture and having a response plan in place will be key to preventing security issues.
What is the exposure or risk?
It is vital for anyone – end-users and security pros alike – to understand the risks involved when providing their information online. Providing personal or payment information to a fake website, impersonated support representative, or even a real website lacking security measures can lead to financial loss or identity theft.
The risk doesn’t end with online shopping. Hackers will attempt to leverage any initial point of compromise into a full-scale attack. A single set of compromised credentials could snowball into a ransomware attack. Thus, everyone must remain vigilant during the holiday season.
What are the recommendations?
Barracuda MSP highly recommends proceeding with caution, regardless of your holiday plans or online activity. Here are some best practices to help ensure the bad guys only receive coal this year:
- Be cautious and pay attention to detail when shopping online. Look at the names of any websites, or e-mail addresses you receive deals from.
- Check for any misspellings, bad grammar, weird or incorrect company logos or deals that are too good to be true
- Stick to websites that you trust and use regularly.
- Avoid clicking on links that are sent to you. If a company is truly having a sale, you should be able to find it directly on their website.
- Make sure your entire organization is protected with multi-factor authentication (MFA).
- Keep all systems up to date. Unpatched or outdated systems offer an easy entry point for hackers.
- Educate users on these security risks to minimize the possibility of human error.
- Leverage the protection of the Barracuda XDR platform. Our 24x7x365 Security Operations Center monitors your environment around the clock to ensure you have a happy new year.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.