FBI, CISA Issue Ransomware Advisory Prior to Labor Day Weekend

The Federal Bureau of Investigation and Cybersecurity and Information Sharing Agency issued a joint cybersecurity advisory Thursday warning of increasing attacks against U.S. entities on or around holiday weekends.

The agencies note they do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday.

“Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months. The FBI and CISA do not currently have specific information regarding cyber threats coinciding with upcoming holidays and weekends,” the advisory reads. “Cyber criminals, however, may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses.

The agencies suggest organizations engage in preemptive threat hunting on their networks. Threat hunting is a proactive strategy to search for signs of threat actor activity to prevent attacks before they occur or to minimize damage in the event of a successful attack
Indicators of suspicious activity that threat hunters should look for include:

• Unusual inbound and outbound network traffic
• Compromise of administrator privileges or escalation of the permissions on an account
• Theft of login and password credentials
• Substantial increase in database read volume
• Geographical irregularities in access and log in patterns
• Attempted user activity during anomalous logon times
• Attempts to access folders on a server that are not linked to the HTML within the pages of the web server
• Baseline deviations in the type of outbound encrypted traffic since advanced persistent threat actors frequently encrypt exfiltration.