
Joint advisory released by FBI and CISA in preparation for the upcoming holiday season

On Monday 22nd of November 2021, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory in which they warned of upcoming spikes in cyberattacks as the holiday season approaches. The advisory was aimed at all organisations, although it placed a heavy emphasis on critical networks, systems and infrastructure.

CISA and the FBI also urged caution about ransomware attacks targeting organisations during holidays and weekends, based on past attacks and trends from 2021 which show that malicious threat actors commonly launch serious and impactful attacks against all kinds of organisations.

“Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends.” – CISA/FBI joint advisory.

The advisory also detailed recommended actions that CISA and the FBI urge organisations to take to help mitigate ransomware threats during the holiday season, and warned of common techniques used by threat actors to gain access to networks: phishing scams, fraudulent sites spoofing reputable businesses, and unencrypted financial transactions.

The recommended actions were:

  • Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords and ensure they are not reused across multiple accounts.
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
  • Remind employees not to click on suspicious links and conduct exercises to raise awareness.
