Memorial Day weekend marks the unofficial start to the summer travel season and with it the potential for vacation-aligned network intrusions. U.S. authorities and network defenders in the private sector are quietly paying attention to potential threats that may emerge during key holiday weekends over the next three months.
While there are no official public warnings directly linked to the Memorial Day holiday, a pattern has emerged in recent years. Sophisticated hacking groups can target the U.S. during lengthy downtimes when IT security teams are working with very small staffs, corporate employees are on vacation and schools are on summer hiatus.
“Long weekends and holidays are prime times for malware attacks such as ransomware, because attackers like to target companies when they are likely to be most vulnerable,” Joye Purser, global lead of field cybersecurity at Veritas Technologies, said via email. “And there is an increased chance IT security staff may be operating with fewer team members during these times to accommodate vacation schedules.”
During the summer of 2021, several of the largest ransomware attacks in recent U.S. history were all launched during major holiday weekends, prompting warnings from the FBI and the Cybersecurity and Infrastructure Security Agency.
The Colonial Pipeline compromise began around the Mother’s Day weekend in 2021 after DarkSide targeted its systems, leading to a major shutdown of gasoline supplies to many of the major fuel stations across the southeast and eastern U.S.
Leading global meatpacker JBS was hit by REvil ransomware over the Memorial Day weekend in 2021, forcing it to pay an $11 million ransom after operations were disrupted in the U.S. and Australia.
Kaseya, a Florida-based IT monitoring firm, was hit by a major ransomware attack at the start of the Independence Day holiday in 2021, which disrupted operations for the company and had downstream impacts for its customers.
The nation’s second-largest school system, Los Angeles Unified School District, was hit by a ransomware attack over Labor Day weekend in 2022 that resulted in a massive data leak exposing potentially damaging personal information of students.
The reason for holiday risk
Research from numerous firms demonstrates legitimate threat concerns about data security during holiday periods.
Companies are largely unprepared for holiday ransomware attacks, Cybereason research found, because organizations take longer to understand the scope of the intrusion. This makes incidents more difficult to stop and longer to recover from.
Separate research from Barracuda showed a sharp increase in threat activity during the summer of 2022, including a wave of Microsoft 365 logins from a suspicious origin country and communications from a network to a known-malicious IP address.
One concern about vacation time is that corporate employees are often away from their normal home offices or workstations and can be susceptible to social engineering or phishing attacks. Attackers know these workers are distracted and may try to take advantage.
“As a result, they will often use this opportunity to send BEC attacks and phishing links, knowing that employees are more apt to be on vacation or away from their computers, making them more likely to respond to emails that contain urgent instructions,” Mike Britton, CISO at Abnormal Security, said via email.
Researchers from Microsoft did not have any comment about specific holiday risk, but did reference a blog issued late last month about push bombing, a credentials-based attack that uses bots or scripts in order to trigger multiple access attempts.
Microsoft also noted that 80% of ransomware attacks can be traced to configuration errors in software and other devices.
Danial Ahmed, cybersecurity advisor at Corvus Insurance, recommends companies take several steps to prepare for holiday weekends:
- Dust off your incident response plans and playbooks to identify the points of triage during the holidays and when to escalate to the broader team.
- Ensure recent external and internal vulnerability assessment reports are reviewed and there are no “gaping holes” that allow easy access to your network.
- Confirm, and don’t assume, that backup systems are running as designed and that a snapshot is taken before the holiday weekend.
- Educate non-security employees about the risk of cyberattacks during holiday weekends.
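One way to turn the third step above, confirming rather than assuming that a pre-holiday snapshot exists and is intact, into a check that can run on a schedule. This is an added example, not code from the article or from Corvus Insurance; the directory layout (one `*.snap` file per snapshot with a sidecar `.sha256` manifest holding its digest) and the 24-hour freshness threshold are assumptions made for the example, and the sample backup directory it builds is constructed data.

```python
"""
Pre-holiday backup readiness check (added example, not from the article).

Assumed layout: each snapshot is <name>.snap with a sidecar manifest
<name>.snap.sha256 containing the hex SHA-256 of the snapshot. Both the
layout and the freshness threshold below are assumptions for this example.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from pathlib import Path

MAX_SNAPSHOT_AGE = timedelta(hours=24)  # assumed threshold: older than this is stale


@dataclass
class BackupStatus:
    newest_snapshot: str | None      # file name of the most recent snapshot
    age: timedelta | None            # how old that snapshot is
    stale: bool                      # True if no snapshot is within MAX_SNAPSHOT_AGE
    corrupt: list[str] = field(default_factory=list)  # snapshots failing digest check

    @property
    def ok(self) -> bool:
        return self.newest_snapshot is not None and not self.stale and not self.corrupt


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large snapshots are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_backups(backup_dir: Path, now: datetime,
                  max_age: timedelta = MAX_SNAPSHOT_AGE) -> BackupStatus:
    """Find the newest snapshot, decide whether it is fresh enough, and verify
    every snapshot against its manifest. A missing manifest counts as corrupt,
    because an unverifiable backup cannot be relied on for recovery."""
    snapshots = sorted(backup_dir.glob("*.snap"), key=lambda p: p.stat().st_mtime)
    if not snapshots:
        return BackupStatus(None, None, stale=True)
    newest = snapshots[-1]
    mtime = datetime.fromtimestamp(newest.stat().st_mtime, tz=timezone.utc)
    age = now - mtime
    corrupt: list[str] = []
    for snap in snapshots:
        manifest = snap.with_name(snap.name + ".sha256")
        if not manifest.exists() or manifest.read_text().strip() != sha256_of(snap):
            corrupt.append(snap.name)
    return BackupStatus(newest.name, age, stale=age > max_age, corrupt=corrupt)


def make_sample_backups(root: Path, now: datetime,
                        newest_age: timedelta, tamper_old: bool) -> None:
    """Construct a toy backup directory (sample data for this example only):
    one three-day-old snapshot and one of the requested age."""
    old, new = root / "files-old.snap", root / "files-new.snap"
    old.write_bytes(b"backup payload A")
    new.write_bytes(b"backup payload B")
    for snap in (old, new):
        snap.with_name(snap.name + ".sha256").write_text(sha256_of(snap))
    if tamper_old:
        # Simulate a snapshot whose contents no longer match its manifest.
        old.write_bytes(b"backup payload A (damaged)")
    ts_old = (now - timedelta(days=3)).timestamp()
    ts_new = (now - newest_age).timestamp()
    os.utime(old, (ts_old, ts_old))
    os.utime(new, (ts_new, ts_new))


def run_scenario(newest_age: timedelta, tamper_old: bool) -> BackupStatus:
    """Build a constructed backup directory and run the check against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        now = datetime.now(timezone.utc)
        make_sample_backups(root, now, newest_age, tamper_old)
        return check_backups(root, now)


if __name__ == "__main__":
    for label, args in {
        "fresh and intact": (timedelta(hours=2), False),
        "fresh but older snapshot damaged": (timedelta(hours=2), True),
        "newest snapshot too old": (timedelta(days=2), False),
    }.items():
        status = run_scenario(*args)
        verdict = "OK" if status.ok else "ACTION NEEDED"
        print(f"{label}: {verdict} newest={status.newest_snapshot} "
              f"stale={status.stale} corrupt={status.corrupt}")
```

The point of the three scenarios is that "a backup job ran" is not the same as "a recoverable backup exists": the second scenario has a fresh snapshot yet still fails, because an older snapshot in the retention set no longer matches its manifest, which is exactly the kind of silent damage a ransomware incident over a long weekend would otherwise surface only at restore time.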