The 7 following dates are cyber thugs favorite ‘holidays,’ and they are known to celebrate with even more cunning and fervor than ever. Be the Grinch to these cyber thugs by learning the following dates, and how to prevent the attack from occurring.
Quarterly Earnings Day.
Attacks occur on public companies just before a big quarterly earnings release, combined with shadow shorting of the company’s stock in order to make money based on the ensuing mayhem. Shorting is basically selling a stock without owning it, with the plan to buy the stock later on when the price drops. By creating a crisis, the attackers can manipulate the stock price downwards and profit when the price goes back up.
To defend against this cyber thug celebration, make sure your company knows that this is a critical time for the business. Realize that the criminals don’t necessarily need to use a technological attack vector to create havoc here.
Black Friday / Cyber Monday.
It is the day when huge discounts are offered on most online retail stores, which means a huge increase in online shopping traffic. Online shopping requires online payment, which provides hackers the opportunity to snoop for the details of customers as they make their payments.
Shoppers should be extremely cautious while making payments online. They should be wary of false links offering sales and discounts, as well as make sure they pay through websites that use secure protocols to encrypt data.
There as been an increase in phishing/spear phishing attacks on the business around Tax Day (April 15th) The emails typical of these attacks assume the authority of the IRS in requesting that the recipient visit the ‘IRS’ website link enclosed or open the ‘IRS’ file. The file or link contains requests for updated personally identifiable information or PII, which the attackers will exploit.
During tax time,remember that the IRS never sends such emails. They will only make contact through the US mail.
Software Support Retirement / End of Support Day.
This is the date when support ends for any OS or software package. Unsupported software leaves enterprises open to attack. Because the vendor will no longer make general releases of security patches, each new hole attackers uncover will remain vulnerable.
The way around this day is to investigate the availability of extended support offered by the vendor at a premium. Weigh that cost against an investment in deploying the latest software product or version that replaces the older product. Either of these avenues is going to cost you. If neither option will fit your budget, consider a refresh road map that includes well-supported open-source software for applications where the reward outweighs the risk. .
Zero Day refers to the day when a weakness in a software is found by the developers or vendors. Since the software is vulnerable as long as a fix is created and launched, hackers make the most of the situation. There is no specific time frame for the duration of zero-day as it last until a patch is found. A lot of damages can be done in that time.
The way around this day is to enhance your system to detect and report threats as and when they come. A regular track of the status of the systems should be maintained in order to report any discrepancies as they could give an indication of anomalous activity.
Patch Tuesday / Ida Pro Wednesday.
This day occurs every month. It is when Microsoft releases a new patch for its customers. Hackers use a tool called Ida Pro Wednesday to make the most of these patches. They benefit from such days as they figure out how the patch works and work their way from the end point to the starting point to find loopholes in the users’ systems.
The best method to prevent such attacks is to use many layers of security for your system which would make random and small-scale attacks useless.
Data Dump Day.
This day is when hackers release the information they have stolen from others on to an underground forum or group. Exchange of this information all at once can lead to organizations incurring hefty losses and damage on a single day due to disclosing of sensitive information.
To guard against this threat, the cyber security team should be on the lookout for underground networks and look for spikes in criminal activity, which indicates that a day like this is round the corner.