Skip to main content
close search
site logo

Enterprises prepare for ransomware threats during Thanksgiving

Retail, transportation and other sectors are bracing for heightened cyber risks, placing renewed pressure on security operations.

Published Nov. 22, 2021
David Jones's headshot
Reporter
Ransomware virus has encrypted data. Attacker is offering key to unlock encrypted data for money.
vchal via Getty Images

Companies in the retail and supply chain sectors are ramping up preparations for potential ransomware attacks during the critical Thanksgiving Day weekend, as millions of consumers plan to make holiday purchases amid major supply constraints and security operations staffers are already stretched to the limit. 

The official start of the holiday shopping season has much of the global supply chain on edge amid wide expectations that threat actors will use the break to launch new ransomware attacks against major corporate targets. 

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) urged U.S. organizations — particularly critical industry — to take preventative cyber hygiene measures and prepare for possible surge security staffing during the holiday season. 

"While we are currently not aware of a credible threat, we also know that criminals don't take holidays," Matt Hartman, deputy executive assistant director for cybersecurity at the Cybersecurity & Infrastructure Security Agency, told Cybersecurity Dive via email on Friday. "We will continue to provide timely and actionable information that helps industry and government partners of all sizes ensure appropriate diligence in their network defense practices and take important steps to strengthen their resilience. We urge all organizations to remain vigilant through the holiday season." 

The CISA and FBI advisory urged organizations to enable multifactor authentication, ensure remote desktop protocol (RDP) is secure, use strong passwords and to watch out for phishing attacks, fraudulent shopping sites and unencrypted financial transactions. 

Three-quarters of retail businesses may be at heightened risk of a ransomware attacks due poor TLS/SSL configuration management, according to research from BitSight. Large retailers can have hundreds or thousands of TLS/SSL certificates that identify specific devices connected to the internet. 

Poor management is seen as an indicator of lax security hygiene and also raises concerns about whether an organization employs proper patch management, according to BitSight

Nearly 90% of cybersecurity professionals across multiple countries fear a cyberattack will take place during the holiday season, a Cyberreason report found. The risk of such an attack could place severe strains on security operations already stressed from remote work conditions, staff shortages and a record year of supply chain and ransomware attacks. 

For threat actors, the potential upside of a Thanksgiving weekend attack is immense, both from a psychological impact, as well as the opportunity to get a ransomware demand met, with due speed. 

"Black Friday is called that because retailers turn profitable and 'go into the black' at that point in the yearly cycle of sales," Sam Curry, CSO of Cybereason, told Cybersecurity Dive. "That means a bad Black Friday or Cyber Monday is a disaster and ransomware gangs know this."

Threat actors have been using holidays and weekends to launch attacks against enterprises with increased frequency, with the Kaseya attack during the Independence Day weekend being one of the more recent examples, according to Josh Yavor, CISO at Tessian

If enterprises are now deciding to ramp up staffing, it may be too late for them, Yavor said. Organizations should be reviewing security response processes and determining what gaps may exist. 

"Once they have that insight, they then need to set expectations within leadership and across the organization so that teams have clear next steps and know what to expect in the event of security incidents," Yavor said. 

The retail industry has been preparing for the heightened threat of cyberattacks for months. In September the National Retail Federation (NRF), working in partnership with The Chertoff Group, held a series of ransomware response exercises with about 150 leading officials from member companies that worked in security, legal, technology, and other key departments. 

Just last month, the NRF held a webinar in conjunction with PwC and Microsoft on the issue of supply chain disruption. 

"Retailers require 100% uptime, especially on the weekend leading up to Cyber Monday, and of course Cyber Monday itself," said Forrester Analyst Allie Mellen. "If retailers are compromised during this time, especially with a ransomware attack, they may be more inclined to make a quick decision like paying a ransom to get back online as fast as possible."

There could be an increase in phishing attacks as an entry point to the enterprise, with attackers posing as frustrated customers struggling to make an online purchase, Mellen said.

Filed Under: Threats

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Threats
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell