Washington — After a year of headline-grabbing ransomware attacks, businesses say they’re worried about the possibility they’ll face cyber intrusions this holiday season, a time when many of their cybersecurity operations rely on skeleton staffing.
Boston-based cybersecurity firm Cybereason commissioned a survey of 1,206 cybersecurity professionals at organizations that experienced a ransomware attack during a holiday or weekend within the last year. A whopping 89% of the respondents from the U.S., U.K., France, Germany, Italy, Singapore, Spain, South Africa, and UAE indicated that they were concerned about a repeat cyber intrusion ahead of the holiday season. However, 36% said they had no “specific contingency plan in place to mount a response.”
“The question becomes, at what point does this concern from cyber professionals translate into an action plan?” Cybereason CEO Lior Div told CBS News. “Do organizations have the right tools, processes and people in place to deal with an attack specifically in the upcoming holiday season? Hackers love to hack when they know we’re distracted and not ready to respond.”
The study revealed that organizations in the healthcare (65%) and manufacturing (67%) sectors — two of the biggest targets for ransomware attacks — were among the industries least likely to have developed contingency plans.
Cybercriminals have expanded hacking operations to repeatedly target the healthcare industry amid the coronavirus pandemic, leading to worsened health outcomes and excess deaths at hospitals.
Ahead of Labor Day weekend, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory warning of an “increase in highly impactful ransomware attacks occurring on holidays and weekends — when offices are normally closed — in the United States,” following a string of high-profile cyber incidents over long weekends.
Days later, Howard University in Washington, D.C. was forced to cancel classes for more than a week after malicious actors held its network hostage. The July 4 holiday weekend saw one of the single largest ransomware attacks to date, when an affiliate of the “REvil” cyber gang targeted software company Kaseya just six weeks after the Russian-linked cyber criminals sabotaged meat processor JBS over Memorial Day weekend, extorting the company for an $11 million ransom.
Colonial Pipeline paid a $4.4 million ransom to the DarkSide group after being forced to shut down its operations during Mother’s Day weekend, though the FBI later recovered $2.3 million of the ransom from the Russia-based hacking group.
The new report by Cybereason revealed the human cost of such attacks, with 86% of respondents missing holidays or weekend activities with family and friends to return to work in the wake of a cyber incident. Nearly three-quarters surveyed admitted they were intoxicated while responding to a ransomware attack on the weekend or during a holiday, “a risk factor for organizations that may not have been accounted for by incident response and business continuity plans,” according to the report.
And the vulnerability of these organizations is further exacerbated by holes in the workforce. In the United States, there are nearly 500,000 vacancies for cybersecurity jobs, according to Cyber Seek — a tech job-tracking database from the U.S. Commerce Department — and the trade group CompTIA.
Ransomware payments reached over $400 million in 2020, the FBI reported. And this year, the average ransom payment is up more than 500% over 2020, amounting to $5.3 million, according to Cybereason.
In June, President Biden demanded that Russian President Vladimir Putin put an end to cybercriminal operations using Russia as a safe harbor. But attacks have persisted despite diplomatic efforts aimed at curtailing Russia-linked ransomware operations.
“From the beginning of this year, we’ve seen a massive push in cyber intrusions, specifically originating from the ransomware cartel in Russia, starting all the way from Colonial Pipeline to the JBS hack,” Div told CBS News. “We thought that after President Biden met with President Putin, we’d see a decrease in those types of attacks. But actually, what we see is a steady stream of these types of hacks. The ransomware cartel did not stop for even a single moment.”
In early November, the country’s top military cyber officer, Army General Paul Nakasone, said it was “too soon to tell” if the Kremlin had facilitated the international hunt for cybercriminals after the United States handed over names of wanted suspects.
“From an FBI perspective, we have not seen a decrease in ransomware attacks in the past couple of months originating from Russia,” Bryan Vorndran, assistant director of the FBI’s cyber division, told Congress on Tuesday.
Tiny cybersecurity mistakes by companies or organizations can cause massive damage.
A congressional investigation into three major ransomware events in 2021 noted that “small lapses led to major breaches.” The report, released on Tuesday by the House Oversight Committee, indicated that “Ransomware attackers took advantage of relatively minor security lapses, such as a single user account controlled by a weak password, to launch enormously costly attacks.”
“Even large organizations with seemingly robust security systems fell victim to simple initial attacks,” the report continued, “highlighting the need to increase security education and take other security measures prior to an attack.”
In its own report, Cybereason offered companies and organizations advice aimed at reducing risk this holiday season.
“Practicing good security hygiene,” “lock down critical accounts for the holidays or weekend,” and “assure key players can be reached at any time of day,” were among the laundry list of precautions suggested.
“Cyber defenders are heroes,” Div added. “We need to ensure that companies and organizations are providing them with the right tools and support to do their job right.”