For most Americans, July 4 is an idyllic holiday of cookouts, parades and fireworks, and leisure time by the pool or even at the beach. It’s a day when offices and businesses shut down, and even the stock market takes the day off.
But for cybersecurity pros, there’s always a little discomfort in the back of their minds, the thought that somewhere hackers are working overtime, trying to breach networks while much of the security staff has the day off.
“If only threat actors would take time off during holidays,” quipped Ryan Barnett, Principal Security Researcher at Akamai Technologies.
Threat hunter and SANS author and instructor Ryan Chapman said he “worked my largest case ever on July 4th. Massive case.” He couldn’t reveal details, but he called the holiday a “super common attack day.”
This year, July 4 will come with a little additional uncertainty: Whether CDK Global can get its critical auto dealership software back up and running in time for holiday sales. The early progress suggests the company may make good on that pledge.
Fortunately, July 4 has usually been relatively free of major security drama, with the Kaseya supply chain ransomware attack of 2021 and a North Korea-connected DDoS attack in 2009 two noteworthy exceptions. But that doesn’t mean the day isn’t full of small incidents that never get written up by security writers. You can be sure that somewhere, some cybersecurity pros will be laboring away, missing all the fun.
Not Just July 4, All Holidays are Risky for Security Pros
Holidays in general tend to be an important time for security pros to be vigilant, which means they can pretty much never relax on a holiday. After nasty attacks over Mother’s Day, Memorial Day and Independence Day in 2021, a rough month that included the Colonial Pipeline, Kaseya and meatpacking plant attacks by the DarkSide and REvil ransomware groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations to be especially vigilant on holidays.
CISA said cyber criminals “may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses. In some cases, this tactic provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware, as network defenders and IT support of victim organizations are at limited capacity for an extended time.”
CISA recommended controls like ransomware-resistant backups, isolating critical workloads and strong authentication and access controls.
For security pros, there probably wasn’t a lot of news in the CISA warning; a part of the job is knowing that attackers are always present, whether you’re on the job or not. With any luck, maybe you have a third-party service provider watching over your IT environment during off hours – which means that someone at the service provider’s security operations center (SOC) has to spend the holiday staring at a screen instead of being with family. Even then, there’s always the possibility that a managed security services provider (MSSP) might need onsite assistance in dealing with an incident.
December Can Be Rough for Security Teams Too
Not surprisingly, December can be another tough month for security teams. In addition to lower staffing levels, online activity and shopping make it a great time of year for scams and phishing emails to find unwitting victims. And as holidays in December are more global in nature, the cyber pain can be felt around the world.
The first widely disruptive worm had a Christmas theme: “Christmas Tree EXEC” wreaked havoc on networks in December 1987, and cyberattacks have been a holiday tradition since.
Barnett, the Akamai Technologies researcher, had his own December nightmare. The dreaded Log4j “Log4Shell” vulnerability – the subject of a CISA advisory just two days before Christmas – hit while he was vacationing with family in late 2021.
“I distinctly remember being in the car with my family on vacation in Florida at the time of Log4J and jumping on triage conference calls,” he said. “While not fun, it’s part of the job.”
“This was, thankfully, an atypical event, as it was an extremely far-reaching vulnerability coupled with a myriad of attack payload obfuscation options,” Barnett said. “These large cyber events raise in criticality when threat actors have proof of concept exploit code. In these situations, it is ‘all hands on deck’ with regards to cyber defense operations staffing, and that usually includes 24/7 support.”
These never-ending cyber threats that seem to get even worse at holiday time are one reason security pros report such high levels of job stress. So, if you share a cookout with a cybersecurity pro this July 4th and they seem a little preoccupied, let them know you get where they’re at, and maybe they’ll even relax a little. We hope.
