White House warns of increased hacking around holidays, offers mitigation steps

The White House is warning critical infrastructure operators and others to be vigilant of ransomware and other cyber threats going into the Labor Day holiday weekend.

While the White House had no specific threat information to share, Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger said historically malicious actors have looked to holiday weekends as prime times to launch attacks.

"Attackers have sometimes focused on security operation centers that may be understaffed or a sense that there are fewer key personnel on duty as they may be on vacation" over holiday weekends, Neuberger said during a Sept. 2 White House press briefing. "And indeed, a long weekend can sometimes make attackers feel they have extra time to navigate in a network before they are detected."

The ransomware attack on Colonial Pipeline preceded Mother's Day weekend, the agricultural sector was hit with a ransomware attack affecting meat production facilities over the Memorial Day weekend, and ransomware actors attacked an IT sector entity during the Independence Day holiday weekend.

Critical infrastructure owners and operators, in particular, should be on alert, Neuberger said as part of the Biden administration's effort to raise cybersecurity awareness.

While the US continues to hold discussions with and look for action from Russia with regards to cracking down on ransomware attackers, "we also need to look at our own activity ... to ensure that we're doing everything we can to lock our digital doors and ensure that our networks and our organizations are as safe as they need to be online," she added.

Cybersecurity advisory

Neuberger pointed to a cybersecurity advisory that the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation put out Aug. 31 highlighting the increase in highly impactful ransomware attacks occurring on holidays and weekends and providing best practices for managing cyber risks.

Among network defense practices outlined in the advisory was a recommendation to perform preemptive threat hunting on networks to search for signs of threat actors.

"Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable," CISA Executive Assistant Director for Cybersecurity Eric Goldstein said in a statement.

If an organization does fall victim to an attack, the advisory recommends not paying the ransom as payment does not guarantee that data will be recovered. Regardless of whether a payment is made, the incident should be reported to CISA and the local FBI field office, the advisory said and lists specific "forensic artifacts" that can be used to identify and hold accountable malicious actors.

Neuberger, during the press briefing, also laid out steps company executives should take to bolster their cyber posture ahead of the holiday weekend, including updating and patching all software; using strong passwords and having key personnel change their passwords before the weekend; implementing multifactor authentication; reviewing and drilling incident response plans and segregating up-to-date backups from the network so they are not accessible to hackers.

Federal network modernization

The White House has pointed to a laissez-faire attitude toward cybersecurity and poor software security as common threads in last year's SolarWinds incident and the May ransomware attack on Colonial Pipeline.

The SolarWinds incident allowed hackers to access computer networks used by the Department of Energy, Federal Energy Regulatory Commission, and other government and private entities, while the ransomware attack shut for five days a 5,500-mile pipeline that supplies about 45% of all the gasoline and diesel fuel consumed on the East Coast, triggering gasoline and diesel price spikes, panic buying, and supply shortages across the Southeast and East Coast.

President Joe Biden in May issued an executive order to tackle outdated cyber tools for federal networks and urged the private sector to follow suit.

That EO set an "achievable but aggressive" timeline, according to Neuberger, for agencies to adopt security best practices, such as expediting the move to secure cloud services, employing zero-trust security models, and mandating the deployment of multifactor authentication and encryption.

Neuberger said every deadline thus far has been met, with agencies on track to complete the rollout of modernized defenses by October or November.

Key agencies across the government and the intelligence community are on the lookout for "any early signs of any incidents" so they can be quickly addressed, she said. But the private sector must also take steps "to be as safe as possible in advance of what may be an increased threat, as we've seen in history ... during the holiday weekend."