The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a cybersecurity advisory today, warning public and private sector organizations to stay vigilant for ransomware attacks and other cyberattacks leading up to and during the holiday season.
The two agencies said there is currently no “specific threat,” but reminded critical infrastructure partners that malicious cyber actors do not take off for the holidays.
“Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends,” the advisory says.
CISA and the FBI urged organizations to take the following actions to protect themselves against cyberattacks:
- “Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness.”
Additionally, the two agencies recommended vigilance against phishing scams and unencrypted financial transactions. For those planning to do their holiday shopping online, the agencies also warned against fraudulent websites spoofing reputable businesses.
“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” CISA Director Jen Easterly said in a statement. “We will continue to provide timely and actionable information to help our industry and government partners stay secure and resilient during the holiday season. We urge all organizations to remain vigilant and report any cyber incidents to CISA or FBI.”
FBI Cyber Assistant Director Bryan Vorndran also urged network defenders to remain alert over the holidays and to report any suspicious activity to the FBI’s Internet Crime Complaint Center.
“The FBI is dedicated to combatting cyber-crimes targeting the American public and our private sector partners. Cyber criminals have historically viewed holidays as attractive times to strike,” Vorndran said. “We will continue to provide cyber threat information and share best safeguard practices.”
For more information, CISA and the FBI urged organizations to visit www.stopransomware.gov, the Federal government’s one-stop shop for ransomware resources and alerts.