Attackers frequently launch attacks during major holidays when they know that IT Professionals at organizations will be out of the office. The lack of qualified personnel reduces an organization’s ability to recognize or interfere with the attack process. The Kaseya attack over the Fourth of July weekend is just one example.
Additionally, they initiate fraudulent wire transfer requests when top-level executives are out of the office. They can tailor their email messages and phone call social engineering according to the situation to make the instructions to transfer money, purchase gift cards, etc. to make them more believable.
Yesterday, an executive pointed out that their attack took advantage of a new worker at their company. The bad actors tailored the attack to prey on the new team member’s eagerness to be helpful during their first days at work.
Attackers look for opportune moments. Everyone knows when holidays are, but if attackers know specific insider information like schedules or information about workers, always strive to determine how they found out the details.
Please forward this to other executives you know to be extra vigilant during holidays and other predictable times for attacks.