Seasonal Attacks: The Cybersecurity Implications of Children Returning to School

From Easter to Halloween to Christmas, the UK calendar contains several occasions and holiday milestones that provide plenty of opportunities for celebration throughout the year.

For many, such events provide a chance to reconnect with family and friends by hosting festivities and quality time. Yet, unfortunately, not everyone views seasonal events in the same manner. For cyber-criminals, they are seen as an opportunity to execute pertinent attacks.

There are three key reasons why cybercrime tends to spike as a result of seasonal events. 

First is that some cyber-criminals often live their lives in much the same way as you and me. Indeed, some crimeware actors operate in gangs and do so full time, but many also work ordinary jobs in the day while running malicious cyber-centric operations on the side.

This may be why there are sometimes more attacks taking place at the weekends. And in the case of seasonal events, hackers, like the rest of us, may take time off work or benefit from bank holidays, and therefore have more time to execute attacks.

Simultaneously, security is often weaker for this very same reason. Cybersecurity professionals may also take holidays at similar times. Hence, the companies they work for can undergo periods where their defenses drop, and their ability to analyze, respond and remediate is diminished. 

Thirdly, seasonal events also offer an easy avenue. Attackers like to ride on the coattails of trends. For example, when there was a global increase in online purchases during the pandemic, attackers launched a series of fake logistics attacks, posing as delivery firms like UPS or DHL to conduct widespread smishing campaigns. 

We see similar patterns occurring during the Christmas period every year. Phishing emails and SMS messages use the hook of late deliveries or meal booking services, with people more likely to be ordering gifts and going to restaurants during the holidays. 

Simply put, holidays provide opportunities. And when there’s a shared consciousness around such events – a current example being children heading back to school – it becomes easier for attackers to take advantage. 

In regard to the example just mentioned, parents have been bombarded with a variety of ‘back to school’ messages recently, varying from official communications from schools to promotional emails from retailers marketing their school-based products.

For attackers, the opportunity lies in the fact that parents naturally expect to receive such communications and may be prone to letting their guard down.

Indeed, threat actors have an abundance of potential tactics they can use. For example, they may home in on a school, spoof the institution’s email address to appear as an official body and proceed to send phishing emails to anyone within a five-mile radius of the school after sourcing regional email addresses using geolocation tools.

It was recently announced that children in the UK aged between 12 and 15 will be offered COVID-19 vaccinations – this is exactly the type of news that attackers will look to tap into. They may send out fake emails or create fake websites, for example, asking parents to register their children for vaccination at the school.

Many of these emails and websites will target personal accounts over professional ones. So, where does the threat to organizations lie?

Often, hackers purposefully look to infiltrate personal devices and/or accounts as a means of gaining access to professional credentials. Where personal devices are much less likely to deploy security software, they are much easier to infiltrate. Yet, at the same time, they will often leave breadcrumbs of key information that attackers can find and use to infiltrate the same user’s professional accounts.

A personal email account may reveal the same person’s professional email address. And recent research shows that 48% of workers use the same passwords across both their personal and work accounts, providing hackers with quick and easy lateral movement.  

Therefore, despite holiday-based attacks often focusing on the individual in the first instance, organizations are often the end target. So, how can they better protect themselves?

First comes the simple matter of education and awareness. A study found that 95% of security breaches stem from human error, with poor password hygiene being a critical and common issue. Individuals must be made aware that passwords should not be repeated across professional and personal accounts. If they are, breaches affecting one account can unlock all accounts, making it incredibly easy for attackers to succeed.

In addition, organizations need to be aware of the breadth of risks.

While email is one form of attack vector commonly leveraged for the purposes of phishing and other malicious activities, web browsers are increasingly becoming a high priority for hackers. 

Openreach revealed that UK internet usage more than doubled in 2020, its customers having consumed 50,000 petabytes of data over the 12-month period, compared to 22,000 in 2019. 

Much of this stems from the impact that the pandemic has had on the world of work. 

Offices have been replaced by hybrid and remote working models that are seemingly here to stay, and, as a result, the browser has, in many instances, become the new office. Yet these same browsers are also used for other means, such as entertainment or online shopping. 

Given the growing scope of attack vectors (the combined increase in browser usage and uptick in attacks via the web being one example), organizations must leverage the right solutions to enhance their cyber defenses on all fronts.

CASB, for example, can transform the visibility and control of both email applications and a host of other SaaS applications that may be vulnerable, highlighting weak points that hackers may be able to exploit.

Isolation, meanwhile, is a tool that offers holistic defenses against a host of email, browser, or other threats, acting as a seamless way in which zero trust policies can be instated. 

Isolation moves the points of execution for active content from the endpoint into a disposable, cloud-based container, preventing any malicious content from successfully reaching its target. 

It cuts off an enterprise network from public access, simultaneously prioritizing a sound user experience through the secure, low-latency connections to SaaS applications and other vital work-related resources. And where all content is therefore rendered a remote browser, the user’s machine is effectively shielded from any attack, be it email-based, web-based or other.   

By taking just a few simple steps, organizations can cover all seasonal attack angles comprehensively and effectively.

Comments are closed.