If Christmas Cybersecurity Tips For Your Business Were Holiday Carols

December 18, 2024

It’s the most compromised time of the year 

With internet shopping 

And so much DDoSing  

That criminals cheer 

It’s the most compromised time of the year 

While you and your security team may be taking some personal time, cybercriminals often work harder than ever. In January 2024, Vercara’s Distributed Denial of Service (DDoS) research noted that December 2023 saw a 48% increase in DDoS attacks, including a 104% increase in carpet bombing DDoS attacks. The holidays also give attackers valuable opportunities as people increasingly shop online. According to Forbes, consumers broke online Black Friday sales records in 2024, spending $10.8 billion online, over 10% more than in 2023.

Between bring-your-own-device (BYOD) policies that can compromise an organization’s systems and bot attacks that can disrupt business operations, cyber attacks can take the sparkle from your holiday without warning. With this collection of holiday carol-inspired Christmas cybersecurity tips for your business, you can stay protected and in the holiday spirit.   

I Have a Phishing Email 

I have a little email… 

I made it from AI 

And when I send it out there 

Then I’ll steal PII 

Oh phishing phishing email 

I’ll spray you everywhere 

Oh phishing phishing email 

My victims will despair 

(Sung to the tune of “I Have a Little Dreidel”) 

On Cyber Monday, the US Internal Revenue Service (IRS) warned consumers to use extra caution when shopping online as identity thieves and scam artists accelerate their social engineering campaigns. During the time of year when people mail and receive more packages than usual, cybercriminals often send fake emails and texts to consumers requesting additional information to ensure delivery.   

The Carol of the DDoS 

Hark to the ping 

All of us sing 

DDoS 

Oh what a mess 

(Sung to the tune of “Carol of the Bells”) 

During the holiday season, malicious actors direct DDoS attacks at several consumer industries, like travel, tourism, and e-commerce. Vercara’s DDoS Report for November 2024 identified this shift, noting that, for the first time all year, travel and tourism was the third most targeted industry.

Fr0sty the Hacker 

Fr0sty the Hacker 

Ran some ransomware campaigns 

Sent malicious links 

To collect logins 

Using many spoofed domains 

(Sung to the tune of “Frosty the Snowman”)  

Admittedly, not all hackers are malicious actors, but the term “threat actor” had too many syllables to fit the song’s rhyme and rhythm.

Moving on, research from Semperis found that 86% of organizations that experienced ransomware attacks were targeted on a holiday or weekend. The cybercriminal logic makes sense. With security analysts taking personal time, the organization has reduced staffing, which can leave already overwhelmed teams in distress.   

It’s Beginning to Look Like a Data Breach 

It’s beginning to look like a data breach 

Every log it shows 

Attempted and failed logins 

Then suddenly they got in 

Exploiting all APIs as they go 

(Sung to the tune of “It’s Beginning to Look a Lot Like Christmas”)  

Application Programming Interfaces (APIs) allow your applications to share data, including sensitive information like credentials. However, attackers increasingly target them because they are difficult to identify and secure. According to research from Cequence, 33% of organizations surveyed experienced multiple API-related security attacks in the past 12 months, and 31% experienced an API-related security attack during that time. The attacks had various causes, including coding vulnerabilities that allow injection attacks, and misconfigurations.

Auld Password Sign(in) 

Should all old passwords be forgot? 

So threat actors they can mine? 

Should all old passwords be forgot 

Brute force attacks they have in mind 

(Sung to the tune of “Auld Lang Syne”) 

Credentials are a digital gold mine for cybercriminals. If they manage to obtain them, they can gain unauthorized access to sensitive data and systems as part of a broader attack. Since this access is under the guise of a legitimate user’s login, security teams have a difficult time detecting the malicious actors as they move across systems. According to Sophos research, 43% of malware detected in 2023 fell into the stealer, spyware, and keylogger category. Cybercriminals use stealer malware to collect user credentials, then aggregate these into combo lists, text files containing usernames and passwords, to sell on the dark web.  
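The pattern from the carol above (failed logins, "then suddenly they got in") is also what a combo-list attack looks like in authentication logs: one source failing against many different usernames, followed by a success. The following is an added example, not code from Vercara or the original post; the log format, field order, and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format): timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-12-24T02:00:01 203.0.113.7 alice FAIL
2024-12-24T02:00:03 203.0.113.7 bob FAIL
2024-12-24T02:00:05 203.0.113.7 carol FAIL
2024-12-24T02:00:08 203.0.113.7 dave FAIL
2024-12-24T02:00:11 203.0.113.7 erin OK
2024-12-24T09:15:00 198.51.100.20 frank FAIL
2024-12-24T09:15:30 198.51.100.20 frank OK
2024-12-24T11:00:00 192.0.2.44 grace OK
"""

def find_suspicious_logins(log_text, min_users=3, window=timedelta(minutes=5)):
    """Flag a successful login that follows recent failures against at least
    `min_users` distinct usernames from the same source IP.
    Assumes the log lines are in chronological order."""
    failures = defaultdict(deque)  # source IP -> recent (time, username) failures
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the scan
        ts, ip, user, result = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp
        recent = failures[ip]
        # Forget failures that have aged out of the sliding window
        while recent and when - recent[0][0] > window:
            recent.popleft()
        if result == "FAIL":
            recent.append((when, user))
        elif result == "OK":
            tried = {name for _, name in recent}
            if len(tried) >= min_users:
                alerts.append({"ip": ip, "user": user, "time": ts,
                               "failed_users": len(tried)})
            recent.clear()  # start fresh after any success
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

A single user mistyping a password once (frank in the sample) stays below the distinct-username threshold and is not flagged.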

Make a Cybersecurity list, then check it twice 

Before you take your holiday PTO, you can review this list of cybersecurity best practices and check it twice to see if you have the right risk mitigations in place.   

Enforce acceptable use policies 

Cybercriminals often deliver malware and ransomware using malicious websites. With employees using corporate devices, you should consider limiting: 

  • Access to public websites, like social media sites used for phishing 
  • Installation of applications, like downloading software from unknown websites 
  • Access to risky categories of domains, like gaming and gambling sites 

Block access to malicious websites 

Threat intelligence can provide insights into known malicious websites that cybercriminals use to deliver malware. When creating block lists, you should include: 

  • Known risky domains, Fully Qualified Domain Names (FQDN), IP addresses, CIDRs, nameservers, and registrars 
  • Categories of risky sites associated with anonymous proxies (Tor), bots/C2, hacking/Warez/P2P, malware, ransomware, and phishing
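The entry types in the list above do not all match the same way: a domain entry should cover its subdomains, an FQDN entry only the exact host, and a CIDR entry every address in the range. The following is an added example, not part of the original post or any Vercara product; the `type:value` entry syntax and all names and addresses are constructed placeholders, and nameserver, registrar, and category lookups are left out because they need external data.

```python
import ipaddress

# Constructed block list entries using reserved example names and ranges
BLOCKLIST = [
    "domain:bad-example.test",       # the domain and every subdomain
    "fqdn:login.shop-example.test",  # this exact host only
    "ip:203.0.113.9",
    "cidr:198.51.100.0/24",
]

def compile_blocklist(entries):
    """Parse 'type:value' entries (an assumed syntax) into lookup structures."""
    rules = {"domain": set(), "fqdn": set(), "net": []}
    for entry in entries:
        kind, _, value = entry.partition(":")
        value = value.strip().lower().rstrip(".")
        if kind in ("domain", "fqdn"):
            rules[kind].add(value)
        elif kind in ("ip", "cidr"):
            # A single IP becomes a /32 (or /128) network
            rules["net"].append(ipaddress.ip_network(value, strict=False))
        else:
            raise ValueError(f"unknown entry type: {entry!r}")
    return rules

def is_blocked(rules, destination):
    """Return True if a hostname or IP address matches any rule."""
    dest = destination.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname
    if addr is not None:
        return any(addr in net for net in rules["net"])
    if dest in rules["fqdn"] or dest in rules["domain"]:
        return True
    # Match parent domains on label boundaries only, so that
    # "notbad-example.test" does not match "bad-example.test"
    labels = dest.split(".")
    return any(".".join(labels[i:]) in rules["domain"]
               for i in range(1, len(labels)))

if __name__ == "__main__":
    rules = compile_blocklist(BLOCKLIST)
    for dest in ("cdn.bad-example.test", "notbad-example.test", "198.51.100.77"):
        print(dest, is_blocked(rules, dest))
```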

Have a backup DNS 

A DDoS attack that targets your DNS server can cause a service outage. To reduce an attack’s impact, you should have a backup DNS that enables redundancy, ensures performance, and provides:

  • Auto failover capabilities 
  • Multiple available regions 
  • Automatic restoration when a server comes back online 

Implement Bot protection 

To mitigate brute force attack risk against your APIs, you should have bot protection that can distinguish legitimate traffic from malicious traffic. With machine learning and artificial intelligence, this protection can help stop attackers’ malicious bots without impacting service availability.

Remediate API vulnerabilities 

A Web Application and API Protection (WAAP) solution can mitigate risks arising from vulnerable APIs. It can identify known and unknown APIs so you can implement the appropriate monitoring and management. Additionally, with a Web Application Firewall (WAF), you can mitigate risks from vulnerabilities like those listed in the OWASP Top 10.

Vercara: Protecting your digital Infrastructure from the Grinch 

Vercara’s purpose-built platform provides layers of defense that safeguard your online presence, no matter what attackers target or where the attacks come from. Our suite of cloud-based solutions enables you to protect networks and applications against threats and downtime, ensuring that your employees and customers have continued access to critical services. 

To see how Vercara can help you secure your online experience, contact us today for a demo. 

 

Last Updated: December 18, 2024