As every infosec expert knows, cybercriminals just love holidays. Trusting users can expect sales scams and phishing under the guise of gifts and congratulations, while organizations can look forward to DDoS attacks on their servers (like the ones Xbox and PlayStation services experienced) or, worse, network intrusions (talking about you, BBC). For network attackers, Christmas provides two golden opportunities. First, people wind down before the holidays, making them less prepared for a serious incident, and second, lots of IT staff are on vacation. Both these factors negatively impact the speed and effectiveness of the response. To minimize the chances of a successful attack, you can take a few simple but quite effective measures beforehand. Sure, they won’t guarantee total security, but will greatly curtail the hackers’ options.
As 2022 has shown, the world of cybercrime has become even more specialized and niche-oriented. Cybercriminals sell initial access to corporate networks as a service, where one of the most common commodities is the legitimate credentials of current employees stolen using malware or phishing. You can make such attacks harder to carry out by introducing a costly multifactor authentication system and a Zero Trust strategy, though the week before Christmas is definitely not the time to make radical changes to your security system.
But there are simple steps you can take:
- Check that the list of employees with access to the corporate infrastructure via VPN or RDP does not include unauthorized persons, needless technical accounts, or laid-off colleagues. Revoke access from those who don’t need it.
- Change the administrator account passwords and make sure all on-duty admins have got the new password. If multifactor authentication is not enabled for some, now is the time to do it.
- A more radical version of the previous tip is to create special “emergency” admin accounts for potential incident response over the holidays. The rights granted to regular administrator accounts can even be temporarily restricted so that attackers cannot exploit them.
- Terminate unnecessary sessions that employees have left on any devices for an extended period of time. This applies equally to corporate messengers, web applications, and any other services.
- Terminate unnecessary VPN connections.
Another common way to infiltrate a corporate network is by exploiting unpatched vulnerabilities. And for hackers the undisputed leader are holes in the corporate server infrastructure, such as ProxyShell (CVE-2021-34473). These make it possible to penetrate the juiciest parts of the network and take over additional servers, right up to the domain controller. Therefore, before the holidays, it won’t hurt to check and install fresh patches for all key applications. Of course, this process is far simpler if you use security solutions with a built-in patch management system.
Appoint (in writing) people responsible for incident response. All those involved must know the allocation of roles, and key people must be available by phone and online 24/7. In the event of a major attack, corporate messengers and mail may be down, so it’s important to have backup communication channels that all members of the “alert team” are connected to.
If you have access to some platform for security awareness training, now is the time to carry out a Christmas-themed phishing exercise. All those who fall for it should probably retake the training course (probably next year) and change their passwords before the holidays.
If you don’t have access to such a system yet, at least send out an email reminding employees to be vigilant, with a couple of screenshots of “Christmas phishing” attached as an example.
If, when preparing for an attack during the holiday season, you realize that your team is not ready to provide 24/7 network protection, you might want to consider employing Managed Detection and Response experts.
This is basically an outsourced team to solve infosec issues. MDR providers can deploy solutions based on leading infosec products fairly rapidly, but it’s still going to be a tough ask the week before Christmas. So, switching to MDR could be a New Year’s resolution, since it is the most effective solution for companies that can’t yet afford a 24/7 Christmas watch.