Published: 15th December 2021
As public and private organisations, from higher education, healthcare and local councils to financial and legal services and the energy sector, prepare to close and skeleton staff keep critical infrastructure operational, you may be vulnerable to a cyber-attack.
Cyber-attacks leading up to and during holidays are not uncommon. Recent history highlights the persistence of attackers in disrupting organisations at a time of year that is likely to lead to greater success in their attack goals.
Earlier this year, Kaseya, an IT Management software company, became aware that their product was being used as part of a ransomware campaign. Coinciding with the American Independence Day weekend, this was a conscious decision by the threat actors to inflict damage when there would be reduced resources to deal with it.
Just before the Christmas break of 2020, governments and organisations across the globe went into full emergency mode in an attack that has since been labelled “Solorigate” (also referred to as SUNBURST by FireEye) – one of the biggest and most complex cyber-attacks of all time.
SEPA, the Scottish Environment Protection Agency, was subject to a significant ransomware attack on the morning of 24th December last year. The organisation’s contact centre, internal systems processes, and internal communications were all impacted. This was a deliberate attack to inflict damage when there would be fewer staff.
It is important to be on top of your cyber security game and take the necessary precautions to keep your organisation safe.
Our Threat Intelligence Team has prepared the following Security Guidance to help your organisation to have a cyber-safe Christmas.
Review incident response plans and procedures.
Ensure your CIRP plans have been reviewed, are up to date and are consistent across all departments. A copy of your plans should also be stored offline.
Identify key IT security staff and ensure contact information is up to date.
In the case of an emergency, who are the key contacts for the business? Ensure the contact names and numbers are the latest version and make sure that all staff are familiar with the processes and escalation paths if the worst is to happen.
Be conscious of potential social engineering attempts from individuals pretending to be from the IT team or similar. Likewise, question any unexpected ‘urgent’ requests to carry out any activities such as providing information or completing financial transactions. If in doubt, contact a known member of the IT/Security team who can verify. Do this by voice call to a known number, not email or text message.
Take a copy of your data and ensure backups are offline.
Always have a backup of all your data stored offline; check that the backups are working and that you have an extra copy of the latest files.
Implement multi-factor authentication for remote access.
Adding this extra layer of security can make it extremely difficult for the attacker to get past, because access cannot be granted by simply knowing or cracking the password. Also, treat any unexpected MFA attempts as suspicious rather than approving them, no matter the volume. Contact the duty IT Team if this is observed.
If you aren’t using it, shut it down.
Turn off and shut down any devices you don’t need over the holiday period. Cybercriminals are using IoT devices as part of (D)DoS-style attacks to gain an initial point of compromise into businesses’ internal networks.
Make sure your systems and applications are fully patched before you go off on leave.
Ensure devices are as secure as possible by keeping them up to date with the latest patches and firmware. Change default usernames and passwords and disable features that aren’t needed.
Make sure to have a physical key as well as your swipe card.
If you have swipe-card access into your buildings and server rooms, make sure to also have a physical key that will allow you access. If your door entry system becomes compromised, you will still need to gain entry to the building.
Don’t have a physical copy of your password lying around.
It can be easy to forget your password over the festive break, but don’t leave it lying around your desk for someone to find.
Take your time going through emails.
Once you return to the office or log in following a break, a high volume of emails may entice you to go through them quickly. Take your time and consider: is this expected, and do I know the sender? Look for potential anomalies such as unknown links, generically named attachments, poor grammar, or generic statements in the email body. If in doubt, do not open. Contact the IT/security team.
Confirm your A/C units are operating correctly.
To protect all operational technology (OT), keep the A/C units running and keep your office cold.
And finally, when it comes to Cyber Security, phrases like “it can wait till the New Year” could come back to haunt you.
Continue to stay vigilant this upcoming holiday break, and if you need support you can contact the Quorum Cyber Incident Response Team for immediate assistance on +44 333 444 0041.
Our dedicated team operates 24×7 to keep your organisation moving. Cybercriminals don’t take a holiday, and neither do we.