Ramadan is a month of celebration and the biggest holiday season for Muslim-majority countries around the world. In Southeast Asia, Indonesia, Malaysia, Brunei, Singapore, Southern Thailand, and Mindanao island in the Philippines in particular will celebrate Eid-ul-Fitr (Hari Raya in Singapore and Malaysia, Lebaran in Indonesia) after a month of fasting.
Some businesses and government offices are expected to be closed for this major holiday, which will be on May third and fourth of 2022, and the number of holidays may extend to a week or sometimes more.
The holidays may be seen as a time for celebration, but families are not the only ones who see these occasions as the most wonderful time of the year. Cyber-threat actors and cybercriminals know that the holidays are one of the best times to attack: staffing is low because people are on vacation, and those still working have a higher workload and get distracted more than usual.
As a result, long holidays such as Hari Raya put your organisation at a higher risk of cyberattack.
Throwback attack: Shamoon malware at Saudi Aramco
The attack started in mid-2012 when a member of the IT team at Saudi Aramco, the state-owned Saudi Arabian oil company, opened a scam email and clicked on a bad link containing malware, later called Shamoon.
The hackers were inside the system but did not attack immediately. The actual threats began during the Islamic holy month of Ramadan, when most Saudi Aramco employees were on holiday. On the morning of Wednesday, August 15, 2012, some employees noticed their computers were acting weird: screens started flickering, files began to disappear, and some computers just shut down, according to CNN Business.
More than 30,000 workstations at the company were affected by the malware. Saudi Aramco’s computer technicians had no choice but to rip cables out of the backs of computer servers at data centres all over the world.
Every office was physically unplugged from the internet to prevent the virus from spreading further. Everything, from managing supplies, shipping, and contracts with business partners to reporting was done manually with typewriters or fax machines. Not only that, Saudi Aramco bought 50,000 new hard drives to replace the infected ones.
Afterwards, a group calling itself “Cutting Sword of Justice” claimed responsibility for the attack, saying they were retaliating against the Al Saud regime for its crimes against humanity. Shamoon requested no ransom; it is an example of weaponised malware that is designed for use in cyber-war.
Shamoon, also known as W32.Distrack, is an aggressive, disk-wiping malware program that can wipe the master boot records and replace them with various images, such as an image of a burning U.S. flag. The Shamoon malware was also used against Qatar’s RasGas oil company.
After the 2012 attack, Shamoon resurfaced in 2016 and in 2018 in a new version that targets energy sector infrastructure in the Middle East.
Other cyberattack cases during the holidays
Besides Shamoon, several major cyber-threat cases occurred during the holidays in 2021, such as:
- The largest fuel pipeline operation company, Colonial Pipeline, was forced to pay a ransom of US$4.4 million to the Darkside hacker group after a ransomware attack during the Mother’s Day Weekend on May 9, 2021. The attack successfully disrupted fuel deliveries in the South-East US for several days.
- JBS, the world’s biggest meat processor, paid US$11 million after a cyber-attack sabotaged its operations, including abattoirs in the US, Australia, and Canada during Memorial Day weekend on May 31, 2021.
- On the July 4 holiday weekend in 2021, when millions of Americans logged out to spend time with friends and family, one of the most significant ransomware attacks of the year began. It targeted Kaseya’s software technology, which caused national railway systems, schools, broadcasters, etc. to shut down operations as file-encrypting malware hit them.
- Over the Labour Day weekend, Howard University in Washington DC was taken offline and forced to cancel classes for a week as its network was held hostage by cyber-criminals. The cyber-criminals used phishing emails to gain access to credentials from unsuspecting university network users and used the credentials to orchestrate this holiday ransomware attack.
Cybersecurity tips during the holiday season
It is important to prevent cyber threats because security breaches risk financial pain and fines, and endanger your brand, reputation and customer trust in your organisation. Several best practices reduce the risk and impact of cybersecurity attacks, such as:
- Make an offline backup of your data
Make and maintain offline, encrypted backups of data and regularly test your backups. It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups. Review your organisation’s backup schedule to take into account the risk of possible disruption to backup processes during weekends or holidays.
- Do not click on suspicious links
Minimise the risk of human error through user training programs and phishing exercises that raise awareness about the risks involved in clicking on or opening malicious websites and attachments.
- Use strong passwords and multi-factor authentication (MFA)
Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access. Require multi-factor authentication (MFA) for all services to the extent possible, particularly for remote access, virtual private networks, and accounts that access critical systems.
- Secure your network(s) by maintaining the highest standards of cyber-hygiene across the organisation
All of your networks, applications and devices should meet a certain standard of cyber hygiene to protect your most valuable data and information and prevent cyber threats. Automate cyber hygiene and policy enforcement to meet your needs and your industry's security compliance requirements.
- Choose a comprehensive security solution
Choose a comprehensive security solution that provides real-time cyber-attack warnings, actionable insights and security analytics to continuously strengthen your security posture and minimise the risks of cyber-attacks during the holidays.
This article was published on the ArmourZero blog on April 21, 2022.
The post How to tackle cybersecurity threats during the holidays appeared first on e27.