’Tis the Season to be Phishing
How cyber criminals capitalize on seasonal shopping habits and what we can do about it.
By: Dave Johnson
The holiday season is upon us once again. The conference call on-hold music has become more cheerful, the annual company party is coming up, and the holiday sales are making their way into circulars, popup ads, and emails. For many of us, these sights and sounds instill a familiar warmth and reminder of traditions. But for cyber criminals and cyber security professionals alike, this time of year has its own traditions.
Online Shoppers are Primed to Drop Their Guard around the Holidays
As just one example of a common seasonal security challenge, let's talk about phishing and pretexting. Pretexting is a very important facet of social engineering. In order for a social engineering campaign to be successful, trust must be established with the victim, and pretexting is one way of establishing that trust. Establishing a proper pretext can be difficult and complex, but with the decades-old marketing machine that kicks into high gear each holiday season, vying for everyone to make their purchases at one place or another, a lot of that pretext work is already done for the attackers. All of us are programmed to expect giveaways, discounts, ecards, certain colors, scents and sounds. Not only that, we are also spending more money than we normally do. And that makes this time of year especially fruitful for cyber criminals who specialize in email phishing.
Now, while essentially everyone is more susceptible to this sort of pretext at this time of year, this can be especially dangerous for companies. Each user with access to a machine is primed and ready to click on something malicious disguised as a holiday offering, and history tells us it's going to happen. Each year, multiple federal agencies and security companies put out notifications about increases in activity, advising caution and offering tips on whom to contact should you encounter one of these Internet-based scams. And while cyber criminals are more active, we in turn must be more vigilant.
So if you've been in cybersecurity for any length of time, you know the general ebb and flow of “compromise season” with respect to your industry and your business. You probably have existing awareness of trends and your own risks. You probably have your own habits and processes for making sure everything is shipshape and a heightened awareness for potentially malicious activity. But while the attack surface is ever changing, it is important to make certain you are already doing the right things from a foundational perspective, especially during times of increased seasonal risk.
Successful Holiday Season Security Habits:
- Make sure your patches, antivirus, and endpoint security agents are up to date.
- Check your web and email filters' current settings and make sure they are working properly.
- Conduct a mock phishing exercise or at least educate your team and your users about seasonal phishing attacks. It's especially important to remind everyone about the seasonal types of attacks you may commonly see in order to increase vigilance. It may be helpful to include practical information about personal cyber self-defense in addition to company security process in order to improve concept adoption.
- Review your visibility into your environment. Logs, security alerts, and endpoint behavioral data are all useful in spotting and stopping attacks before they progress.
- Tune your security devices (IDS/IPS, NGFW, WAF, etc.).
- Review your incident communication strategy with your internal security team and security partners. Verify they have the right people and the right process to use in case of suspected compromise. This may include your incident response plan.
- Go over the results from your most recent penetration test and vulnerability scans. Have at least all of your high and critical findings been remediated or compensated for?
- When you're approaching the holiday season, evaluate your posture from a business perspective. What do you consider to be an acceptable risk? Should temporary controls be put in place seasonally?
- Sign up for relevant security feeds and increase your focus on seasonal attack trends as is appropriate for your business.
- Be thoughtful about your holiday coverage. Mature cyber adversaries know security teams are stretched thin this time of year and may use that to their advantage.
Keep Your Holidays Happy and Hack-Free
Let's all have a great holiday security season this year, along with a little more peace of mind when we are spending time with our family and friends. A bit of additional planning can mean quite a bit of difference. Oh, and if you leave any cookies out for your coverage team, we recommend chocolate chip.