Cybercriminals are ready to crash your holiday party

By Jeremy Ho, Managing Director for Southeast Asia, Hong Kong, and Taiwan at SentinelOne

During the holiday season, businesses tend to lose some of their focus on cybersecurity. Employees tend to take time off during this time of year, leaving just a skeleton crew on hand to address high-priority issues.

Threat actors understand this, and use it to their advantage. In 2016, cybercriminals took advantage of the mismatched weekend between Bangladesh and the United States and Chinese New Year, which was being celebrated in the Philippines, resulting in a US$101 million bank heist.

The operation began by sneaking malware into the Bangladeshi bank sometime in January 2016. The criminals waited until the weekend of February 4. They began their financial transactions on Thursday night in Bangladesh, knowing that the weekend there was Friday-Saturday. Transfers arrived at the Federal Bank of New York on Thursday morning, New York time.

Five transfers were processed as a matter of course, and funds were sent to accounts in Sri Lanka and the Philippines (a spelling mistake on $US850 million in transfers raised a red flag in New York, and the funds were placed on hold). On Sunday, when the Bangladesh bank realised the fund transfers were unauthorised, they sent a SWIFT message to the bank in the Philippines requesting a hold on the funds. However, due to the Chinese New Year and the resulting bank holiday in the Philippines, the money had already been transferred out of the account by the time Philippine bank officials saw the message. 

The criminals engineered a situation where there would be less oversight for a full 3-day weekend.

Unfortunately, there isn’t much that an organisation can do to prevent employees from taking well-deserved time off to spend the holidays with their families. However, there are a wealth of tools they can use to ensure constant security even while employees are away.

Improving Your Security Posture during the Holiday Season

Automation is the first step in maintaining a high standard of security even while employees are away. Automation helps teams do more with limited resources, a common occurrence every holiday season.

Automated workflows create a higher degree of visibility throughout every hidden corner of a network. It should autonomously ingest, connect, and query massive amounts of data in real time. 

Once breaches or suspicious activity are detected, these systems automatically repel cyberattacks in real time, performing at a higher speed and accuracy than most human teams.

This visibility never stops. The autonomous nature of leading XDR solutions means 24/7 visibility. Even while employees are off enjoying the holidays, XDR solutions continue to respond to any cybersecurity threat, at machine speed.

Improving ID Management

Upgrading identity management is another tool security teams can use over the holidays when there aren’t enough team members to review employee activity logs for suspicious behaviour. Identity Threat Detection and Response (ITDR) helps ensure that only authorised employees can access sensitive company information.

Without an identity management solution in place, organisations are vulnerable to phishing attacks, where employees are tricked into sharing their username and password credentials with criminals. Even adding a two-factor authenticator (2FA) can limit the risk involved, as cybercriminals would require both the user's credentials and their phone or email address to access the one-time password. Again, this is a valuable defence tool during the holiday season, when understaffed teams can’t review logs to find suspicious behaviour.

Threat Hunting after the Holidays

When the holidays are over, and the full team is back in place, it’s always a good idea to conduct a thorough threat-hunting exercise. Dormant malware, like that which was inserted in the month before the Bangladeshi bank heist, can be found during a threat-hunting sweep, and protect an organisation from future attacks.

Stay Vigilant this Holiday Season

The sad truth is that threat actors take advantage of weaknesses. For businesses and government agencies, that means taking extra care during the holidays.

We’ve observed a sharp increase in the number of cyberattacks taking place across the Asia Pacific and Japan. Organisations need to act proactively by deploying automated cybersecurity tools that continue to monitor even when the offices are closed.

In addition to threat hunting, he recommended organisations upgrade all operating systems and software, scan for vulnerabilities, use multi-factor authentication, and enforce a strong password policy.

With the right automated tools in place, supported by artificial intelligence and machine learning, and following recommended guidelines, cybersecurity teams should be able to enjoy a few well-deserved days off this holiday season.