Cyber criminals customarily “infiltrate” a network before Christmas, then “lie in wait for the optimal time to launch an attack,” said a White House memo Thursday urging corporate executives and business leaders to protect against “malicious cyber activity” before the holidays. “It is therefore essential that you convene your leadership team now to make your organization a harder target for criminals,” it said. “Best practices” should be deployed immediately, including updating patching, changing passwords, mandating multifactor authentication and raising “employee awareness” of cyberthreats, it said. “Reinforce the imperative” among workers to report computers or phones “exhibiting any unusual behavior” to deny criminals “the initial entry into your systems that allows them to execute attacks over the holidays,” it said.
Bitdefender filed a confidential F-1 draft registration statement with the SEC for a proposed initial public offering of common stock, said the cybersecurity company Monday. The timing, price range and number of shares for the proposed IPO haven't been decided, it said.
Email security firm Egress found a surge in phishing kits imitating major brands in the lead-up to Black Friday, warning Tuesday that cybercriminals are stepping up their phishing attacks over the holiday shopping season. It reported a 397% increase in typosquatting domains tied to phishing kits. Amazon was the top brand for fraudulent webpages; researchers observed almost 4,000 pages imitating Amazon.com, three times the number for eBay and four times the number for Walmart, Egress said. Cybercriminals often disguise malicious attacks as retailer offers, order confirmations or delivery confirmation emails, it said. In the week before Black Friday, researchers uncovered 200 new phishing kits containing imitation Amazon emails available on dark and clear web forums, with some retailing for $40. One listing offered multiple language support, the ability to obtain credentials for a range of email providers and the option to prompt victims to take and submit pictures of their credit cards. Another offered automated IP address checks to prevent automated security tools from scanning the link, Egress said.
Global revenue from SMS firewalls is projected to reach $4.1 billion in 2026, rising from $911 million in 2021 and representing “absolute growth” of roughly 350%, reported Juniper Research. It defines SMS firewalls as third-party solutions that reside within wireless networks and enable real-time monitoring of network traffic to improve fraud blocking. Failure to adopt SMS firewalls can leave service operators vulnerable to diminished revenue from business messaging, “as fraudsters mask business messaging traffic to avoid termination fees,” it said Tuesday. Juniper projects that the volume of business messaging traffic monitored by SMS firewalls will increase from 3.1 trillion transactions in 2021 to 4.4 trillion in 2026.
False assumptions about ransomware threats are undermining the benefits of cloud adoption, reported data protection vendor Veritas Technologies. Veritas canvassed 11,500 office workers from the U.S. and eight other countries, finding 47% think data in the cloud is safer from ransomware because they assume their cloud providers are protecting it from malware they might accidentally introduce, said the company. “This is a fundamentally incorrect assumption that will continue to put businesses at risk until it’s thoroughly debunked,” said Veritas. The survey found employees aren't “forthcoming” with their organizations about ransomware incidents, it said. Just 30% of respondents said they would immediately confess mistakes that introduced ransomware into their organizations. Another 35% said they would either do nothing or pretend it hadn't happened, and 24% said they would omit their own guilt as they report the incident.
The Cybersecurity and Infrastructure Security Agency should assess the effectiveness of its programs related to communications sector security, GAO recommended Tuesday. CISA’s director should coordinate with sector stakeholders and deliver a revised sector-specific plan, the auditor said. The Department of Homeland Security concurred.
Organizations need to “remain vigilant” against ransomware attacks and other cyberthreats, warned the Cybersecurity and Infrastructure Security Agency and FBI Monday. Groups and enterprises need to deploy “multi-factor authentication” for remote access and administrative accounts, and should mandate “strong passwords and ensure they are not reused across multiple accounts,” said the agencies. “Remind employees not to click on suspicious links, and conduct exercises to raise awareness,” they said. “Review and, if needed, update incident response and communication plans that list actions an organization will take if impacted by a ransomware incident.” Though CISA isn't aware of a specific threat, “we know that threat actors don’t take holidays,” said Director Jen Easterly. Cybercriminals “have historically viewed holidays as attractive times to strike,” said FBI Cyber Assistant Director Bryan Vorndran. “We urge network defenders to prepare and remain alert over the upcoming holiday weekend.”
The holiday season is also cybercrime season, reported fraud deterrence platform Arkose Labs Tuesday. “Attacks have steadily increased over 2020, becoming more frequent, launching on a larger scale, and initiating with greater sophistication,” it said. It projects that 8 million attacks will occur daily during the 2021 holiday shopping season. Fraud “has a new face” in the form of digital businesses “experiencing a massive surge of fake new accounts,” said Arkose. It detected 560 million malicious attempts on “registration flows last quarter,” four times more than at the beginning of the year, it said: “These fake accounts open the doors to downstream fraud that directly impacts the bottom line of e-commerce firms.” As more customers open digital accounts, “account takeover attempts fueled by large-scale credential stuffing soon follow,” it said. In a credential stuffing attack, cybercriminals funnel stolen user names and passwords through an automated process to try to gain access to online accounts. Arkose said it stopped 3 billion credential stuffing attacks over the past year, nearly double the rate of the previous 12 months.
A 22-year-old Ukrainian national was arrested and charged with the ransomware attack on Kaseya (see 2109210055), DOJ announced Monday. Authorities seized $6.1 million linked to alleged ransomware attackers, the department said. An indictment unsealed Monday charged Yaroslav Vasinskyi with “conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya.” Officials traced the alleged payments to Yevgeniy Polyanin, a 28-year-old Russian national, who was “charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims” in Texas in 2019, DOJ said. The department credited Ukrainian authorities for assisting with the efforts.
A bipartisan group of senators introduced an amendment to the National Defense Authorization Act Friday that would require critical infrastructure operators to report major cyber incidents to the federal government. Senate Homeland Security Committee Chairman Gary Peters, D-Mich., and ranking member Rob Portman, R-Ohio, introduced the amendment with Senate Intelligence Committee Chairman Mark Warner, D-Va., and Sen. Susan Collins, R-Maine, as expected (see 2110060077). Companies and federal agencies would have to report to the Cybersecurity and Infrastructure Security Agency within 72 hours of an incident, and most entities would have to report ransomware payments. The amendment is based on legislation passed by the Senate Homeland Security Committee.