Ransomware attacks targeted at weekends and holidays

Most ransomware attacks occur during weekends and holidays, times of distraction or disruption when the majority of SOCs are not adequately staffed.
A new report from Semperis finds that 52 percent of surveyed organizations in the US, UK, France, Germany, Italy, Spain, Singapore, Canada, Australia and New Zealand were targeted on holidays or weekends.
Alarmingly, 78 percent of companies cut security operation centre (SOC) staffing by 50 percent or more during holidays and weekends, while six percent cut their SOC staffing entirely during these same times. 60 percent of attacks occurred following an IPO, merger or acquisition, or round of layoffs.
The high-profile Jaguar Land Rover attack began on a Sunday, and the Collins Aerospace attack happened on a Friday evening, disrupting several airports, including London Heathrow.
“Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long-lasting business disruptions,” says Chris Inglis, the first US National Cyber Director and Semperis’ strategic advisor. “In addition, corporate material events such as mergers and acquisitions often create distractions and ambiguity in governance and accountability -- exactly the environment ransomware groups thrive on.”
Reduced staffing is down to a number of factors: 62 percent of organizations say they want to provide employees with work/life balance, 47 percent report their business is closed on holidays and weekends, and 29 percent didn’t think they would be attacked.
Ransomware gangs also target major corporate events: 60 percent of ransomware attacks took place after a material corporate event, and of those attacked after such an event, 54 percent of companies report being targeted following a merger or acquisition.
The report also shows that identity threat detection and response (ITDR) plans are gaining traction, with 90 percent of respondents reporting that their plans detect identity system vulnerabilities. However, only 45 percent of plans include remediation procedures, and only 63 percent automate identity system recovery.
You can get the full report from the Semperis site.