Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

CISA, FBI Warn of Potential Critical Infrastructure Attacks on Holidays

The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) this week reminded organizations of all types – with a focus on critical infrastructure – that cybercriminals tend to launch impactful cyberattacks during holidays and weekends.

The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) this week reminded organizations of all types – with a focus on critical infrastructure – that cybercriminals tend to launch impactful cyberattacks during holidays and weekends.

Over the past years, it has become clear that cybercriminals often plan major cyber-assaults for the time when employees are out of office, namely weekends or holidays such as Independence Day, Mother’s Day, Thanksgiving and Christmas.

“Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” the two agencies note in a joint alert.

Organizations, CISA and the FBI say, can take proactive measures to improve their security posture and make sure they can prevent cyberattacks, including possible ransomware assaults, during the holiday season.

The two agencies note they haven’t identified specific threats for this holiday season, but decided to raise awareness on the recent 2021 trends, to make sure organizations have time to prepare for potential attacks.

Thus, CISA and the FBI “strongly urge” organizations – particularly critical infrastructure – to assess their cybersecurity posture and implement mitigations and best practices, such as ensuring that there are employees available to surge in the event of a cyberattack, that multi-factor authentication is in place for remote access and passwords are used, that the remote desktop protocol (RDP) is strongly secured if in use, and that employees are trained to identify phishing attempts.

Organizations should also remain vigilant of unsolicited emails, fraudulent websites that spoof legitimate domains, and unencrypted financial transactions.

“Finally—to reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident,” the joint alert reads.

Advertisement. Scroll to continue reading.

Related: CISA, FBI Warn of Increase in Ransomware Attacks on Holidays

Related: House Passes Several Critical Infrastructure Cybersecurity Bills

Related: CISA Issues Guidance on Protecting Data From Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem