Cybersecurity Experts: July 4th Weekend Ripe for Ransomware, Other Attacks

Last year, on the eve of the July 4th weekend, the REvil ransomware gang attacked Kaseya, creating a nightmare for the company and its customers.

The Kaseya attack impacted nearly 50 customers. That included 35 MSPs. About 1,500 of their customers also suffered. The attackers breached Kaseya VSA, its remote monitoring and management (RMM) service. All of the MSPs were using the VSA on-premises product.

Earlier this year, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned organizations to brace for potential attacks during holidays, particularly holiday weekends.

The FBI and CISA don’t have specific information regarding cyber threats coinciding with upcoming holidays and weekends. Cybercriminals, however, may view holidays and weekends, especially holiday weekends, as attractive time frames in which to target potential victims, including small and large businesses.

Should organizations be on high alert as the July 4th weekend approaches? Cybersecurity experts we polled said there’s good reason for organizations to be on alert for potential attacks.

Preparing for the July 4th Weekend Threat

Matthew Warner is Blumira‘s CTO and co-founder.

“Threat actors are opportunistic, and they know that IT and security teams will be limited over holiday weekends,” he said. “Before the weekend, organizations should ensure that their systems are fully patched to prevent an attacker from exploiting potential vulnerabilities. It is always extremely important that organizations focus on detecting the first three steps of a ransomware attack: discovery, gaining a foothold, and escalating privileges. Detection, in addition to being aware as to what data you hold, will allow you to quickly respond to attacks and worst case be sure of post-exploitation handling of a ransomware event.”

John Fokker is Trellix’s head of cyber investigations.

Trellix’s John Fokker

“REvil and other ransomware gangs were targeting MSPs well before the attack on Kaseya,” he said. “With ransomware, it’s all about the money, and organizations responsible for keeping their customers secure and operational have a lot to lose. MSPs and MSSPs can’t let this cloud their ability to mitigate an attack quickly and strategically. Having a cyber incident response plan in place and reporting to law enforcement should be table stakes. Every organization contracting another business for services needs to ensure those they grant privileges to are transparent in their practices.”

See our slideshow above for comments from more cybersecurity experts about the potential July 4th weekend cyber threat.