Companies in the retail and supply chain sectors are ramping up preparations for potential ransomware attacks during the critical Thanksgiving Day weekend, as millions of consumers plan to make holiday purchases amid major supply constraints and while security operations staffers are already stretched to the limit.
The official start of the holiday shopping season has much of the global supply chain on edge amid wide expectations that threat actors will use the flurry of e-commerce activity to launch new ransomware attacks against major corporate targets.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) urged U.S. organizations — particularly critical industry — to take preventative cyber hygiene measures and prepare for possible surge security staffing during the holiday season.
"While we are currently not aware of a credible threat, we also know that criminals don't take holidays," Matt Hartman, deputy executive assistant director for cybersecurity at the Cybersecurity & Infrastructure Security Agency, told Cybersecurity Dive via email on Friday. "We will continue to provide timely and actionable information that helps industry and government partners of all sizes ensure appropriate diligence in their network defense practices and take important steps to strengthen their resilience. We urge all organizations to remain vigilant through the holiday season."
The CISA and FBI advisory urged organizations to enable multifactor authentication, ensure remote desktop protocol (RDP) is secure, use strong passwords and watch out for phishing attacks, fraudulent shopping sites and unencrypted financial transactions.
Three-quarters of retail businesses may be at heightened risk of ransomware attacks due to poor TLS/SSL configuration management, according to research from BitSight. Large retailers can have hundreds or thousands of TLS/SSL certificates that identify specific devices connected to the internet.
Poor management is seen as an indicator of lax security hygiene and also raises concerns about whether an organization employs proper patch management, according to BitSight.
Nearly 90% of cybersecurity professionals across multiple countries fear a cyberattack will take place during the holiday season, a Cybereason report found. The risk of such an attack could place severe strains on security operations already stressed from remote work conditions, staff shortages and a record year of supply chain and ransomware attacks.
For threat actors, the potential upside of a Thanksgiving weekend attack is immense, both in its psychological impact and in the opportunity to get a ransomware demand met quickly.
"Black Friday is called that because retailers turn profitable and 'go into the black' at that point in the yearly cycle of sales," Sam Curry, CSO of Cybereason, told Cybersecurity Dive. "That means a bad Black Friday or Cyber Monday is a disaster and ransomware gangs know this."
Threat actors have been using holidays and weekends to launch attacks against enterprises with increased frequency, with the Kaseya attack during the Independence Day weekend being one of the more recent examples, according to Josh Yavor, CISO at Tessian.
If enterprises are now deciding to ramp up staffing, it may be too late for them, Yavor said. Organizations should be reviewing security response processes and determining what gaps may exist.
"Once they have that insight, they then need to set expectations within leadership and across the organization so that teams have clear next steps and know what to expect in the event of security incidents," Yavor said.
The retail industry has been preparing for the heightened threat of cyberattacks for months. In September, the National Retail Federation (NRF), working in partnership with The Chertoff Group, held a series of ransomware response exercises with about 150 leading officials from member companies who worked in security, legal, technology and other key departments.
Just last month, the NRF held a webinar in conjunction with PwC and Microsoft on the issue of supply chain disruption.
"Retailers require 100% uptime, especially on the weekend leading up to Cyber Monday, and of course Cyber Monday itself," said Forrester Analyst Allie Mellen. "If retailers are compromised during this time, especially with a ransomware attack, they may be more inclined to make a quick decision like paying a ransom to get back online as fast as possible."
There could be an increase in phishing attacks as an entry point to the enterprise, with attackers posing as frustrated customers struggling to make an online purchase, Mellen said.