CISA Warns About Cyber Threats During Holiday Season

Photo of Laptop Displaying CISA Website

A November 22 report by the Cybersecurity & Infrastructure Security Agency (CISA) focuses on cybersecurity for critical infrastructure for the upcoming holiday season. The report, titled, “Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends” particularly warns Americans who are traveling for Thanksgiving and critical businesses that may be closed during this period.

Additionally, the report casts a wider net on cyber threats that occur during instances of time-off; including holidays and weekends in general, as well as Mother’s Day weekends and Independence Day.

Cyber Threats Are Particularly Active During Holidays

According to CISA’s report, the threat of ransomware attacks during the upcoming holiday season is expected. Cybercriminals are always looking for the most efficient way to orchestrate malicious activity, which means that the holiday season is perfect for this. The busiest shopping day of the year, Black Friday is also an opportunity for cybercrime targeting online shopping.

The fact that offices are closed, and employees are away, opens up fruitful opportunities for cybercriminals. As such, especially common is the disruption of critical infrastructures (networks), “belonging to organizations, businesses, and critical infrastructure” that is both a lucrative opportunity and a raw display of dominance for cybercriminals.

The Threat of Ransomware

Ransomware is statistically the worst, most nefarious cyber threat known to man. As more and more critical infrastructure is digitally transformed, ransomware has been known to compromise city water systems, the healthcare sector, the energy sector, even the agriculture sector.

Key Points From The CISA Report

CISA’s report specifically reiterated the impact that cyber threats can have on critical infrastructure. “Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.”

The report also confirms that cybercrime is ramping up in 2021, and is leading to ‘serious’, ‘impactful’ attacks.

Some other key points posted by CISA pertaining to the cybersecurity stance of ‘critical infrastructure partners’ include;

  • Finding available IT security employees that would be available for immediate response in the case of cyber-attack scenarios during the holiday season
  • The implementation of multi-factor authentication in the industry
  • Mandating solid password security
  • Securing remote protocols such as RDP
  • Awareness surrounding phishing and spoofing
  • Practicing good cybersecurity especially when shopping online
  • Caution surrounding unencrypted financial transactions
  • Reviewing and updating incident response and communication plans

The report urges for extreme caution and immediate action against the current threat of ransomware activity: “CISA and the FBI urge users and organizations to take these actions immediately to protect themselves against this threat.”

Other Recommendations From CISA

The report includes helpful links and underlines the need to reach out to contacts should an organization fall victim to a ransomware attack. Here are the links and documentation:

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.