In anticipation of summer vacation periods, cybersecurity leaders prepare for intentional digital misbehavior
With the approach of significant U.S. holidays, authorities and private network defenders are paying close attention to potential cybersecurity risks. The three upcoming holidays where heightened vigilance is warranted are Labor Day (September 1, 2025), Columbus Day (October 13, 2025), and Veterans Day (November 11, 2025).
Recent research by Barracuda reveals a sharp increase in threat activity during the summer of 2022, including increased Microsoft 365 logins from a suspicious origin country and communications from a network to a dangerous IP address. Similarly, Microsoft researchers have referenced a blog about push bombing, a credentials-based attack using bots or scripts to trigger multiple access attempts.
The Memorial Day weekend, marking the unofficial start to the summer travel season, has been a prime target for cybercriminals in the past. In 2021, JBS, a leading global meatpacker, was hit by REvil ransomware, and Kaseya, a Florida-based IT monitoring firm, was struck by a major ransomware attack at the start of the Independence Day holiday.
The Colonial Pipeline compromise began around the Mother's Day weekend in 2021, and the nation's second-largest school system, Los Angeles Unified School District, was hit by a ransomware attack over Labor Day weekend in 2022, resulting in a massive data leak.
Sophisticated hacking groups can take advantage of lengthy downtimes when IT security teams are working with small staffs, corporate employees are on vacation, and schools are on summer hiatus. These groups often send Business Email Compromise (BEC) attacks and phishing links, knowing that employees are more likely to respond during holidays.
Daniel Ahmed, cybersecurity advisor at Corvus Insurance, recommends companies take several steps to prepare for holiday weekends. These include dusting off incident response plans, reviewing vulnerability assessment reports, confirming backup systems, and educating non-security employees about the risk of cyberattacks.
Research also shows legitimate concern about data security during holiday periods. Corporate employees on vacation are susceptible to social engineering or phishing attacks, as they are often away from their normal workstations. In fact, Microsoft notes that 80% of ransomware attacks can often be traced to configuration errors in software and other devices.
Cybereason research finds that companies are largely unprepared for holiday ransomware attacks due to longer understanding times of intrusions, making incidents more difficult to stop and recovery longer. Mike Britton, CISO at Abnormal Security, echoes this sentiment, stating that attackers use this opportunity to send BEC attacks and phishing links.
In light of these threats, it is crucial for organisations to remain vigilant and proactive in their cybersecurity measures during holiday periods. By taking the necessary precautions and staying informed, businesses can help protect themselves from potential cyberattacks.
Read also:
- Industries Under Jeopardy Due to Multi-Accounting: Prevention Strategies Revealed in 2024
- Web3 Esports undergoes transformation as Aylab and CreataChain collaborate for a radical change
- Latest Tech Highlights: Top Gadgets of March 2025
- Developments in Technology Shaping Risk and Regulatory Compliance in 2014
