December 18, 2024
The 7 Most Common Types of Cyber Attacks During the Holiday Season
No matter your industry, the end-of-year holiday season is typically a busy time. Unfortunately, it’s also a busy time for cyber criminals. Enterprise organizations are particularly vulnerable to modern data breaches and other attacks during the holidays, which means you must be especially vigilant about guarding against them.
To build an effective defense, you first have to understand the most common types of cyber attacks that occur during the holidays — and why threat actors are particularly active this time of year. With that knowledge, you can enact a comprehensive data loss prevention strategy and lead your company through a successful holiday season.
Why the holiday season is synonymous with cyber threats
In the classic holiday film “Home Alone,” two burglars plan to rob every house on an affluent street in the lead-up to Christmas. It’s the perfect time to strike, as the inhabitants are distracted by holiday preparations and getting ready to travel to see friends and family. By Christmas Eve, most of the residents of the charming Chicago neighborhood are far away, and home security is the last thing on their minds. That leaves their houses vulnerable to intruders.
Cyber criminals operate under the same basic principle. Because the end-of-year holidays are such a hectic time for most organizations, IT departments and leadership teams are already stretched thin. On top of that, many businesses shut down for the last week of the year to give their employees a peaceful break. Strategically, it’s the ideal time to launch a cyber attack.
That’s not a hypothetical scenario. According to a report from Semperis, 72% of cyber attack victims are targeted on a weekend or holiday. The United States government has issued a similar warning, stating, “The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends — when offices are normally closed — in the United States.” In 2023, retailer Staples was the victim of a cyber attack on Cyber Monday, one of the busiest shopping days of the year.
In “Home Alone,” the bad guys were eventually thwarted by a clever eight-year-old and a series of elaborate traps. In real life, the best defense against cyber criminals is knowledgeable, proactive leadership. Once you’re familiar with the most common types of cyber attacks that occur this time of year, you’ll be better equipped to prevent them.
7 common types of cyber attacks during the holidays
Ransomware attacks
As noted above, 72% of cyber attacks take place on a weekend or holiday. When it comes to ransomware attacks specifically, that number goes up to 86%. Ransomware is a type of malware that blocks access to organizations’ critical systems, essentially holding them hostage until the organization pays a large sum. Cyber criminals use a number of tactics to deploy ransomware, including credential theft (more on that below), purchasing credentials from the dark web, and using “ransomware-as-a-service” kits.
These attacks aren’t new; in fact, they’re one of the oldest types of cyber attacks. However, they’ve evolved in the modern era, making cloud-based businesses with remote workforces particularly vulnerable. According to Microsoft Chief Security Advisor Sarah Armstrong-Smith, even if organizations pay the ransom, they often still suffer the consequences: “You should assume that your data is gone. It’s very likely that it's already been sold and is already on the dark web… The reality is that only 65% of organizations actually get their data back.”
Credential theft
We often think of cyber criminals as sophisticated hackers using advanced coding knowledge to break into secure systems. The reality is that many of these threat actors are simply walking in the proverbial front door using legitimate credentials. They gain access to valid usernames and passwords through social engineering, the dark web, or other means — and once they have that information, they can access your protected data. This is why enforcing zero-trust strategies like multi-factor authentication, continuous authentication, and the principle of least privilege is so important.
Payment card data theft
Every family has its holiday traditions, but there is one most of us share: shopping. The average consumer spends $1,638 throughout the holiday season, which adds up to an estimated $984.3 billion in spending for Americans during the 2024 end-of-year holidays. With 30.1% of those sales expected to take place online, that’s a lot of credit card numbers entered into various systems without a second thought.
What happens when threat actors manage to redirect this data from the third-party vendors that process these credit card payments, as happened in the Oregon Zoo breach of 2024? In that case, the redirected payments weren’t noticed for six months, leaving 117,815 customers with potentially compromised payment information. That’s not a message you want to send your own customers and clients during the most celebratory time of the year.
Typosquatting attacks
Also known as URL hijacking, typosquatting refers to the use of fake websites to impersonate legitimate businesses. The URLs will generally be almost identical, meaning it only takes a simple typo for an unsuspecting consumer to end up on a fraudulent website. These attacks are especially prevalent during the holidays, as consumers are often in a rush to complete their shopping. According to Chris Novak, Verizon’s Vice President of Cybersecurity Consulting & Sales, “Threat actors take advantage of the lure of time-sensitive offers during Black Friday and Cyber Monday to acquire valuable personal information.”
Even if your company had nothing to do with the typosquatters’ actions or fake website, an attack can still damage your reputation. On top of that, all it takes is for one employee to do their holiday shopping on a work device to expose your organization to a data breach. This is why many companies register variations on their main website’s URL and educate their employees about the dangers of typosquatting.
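Beyond registering variations, defenders can watch for lookalike domains in their own DNS or proxy logs. The following is an added example, not from the original article or from Lookout: it flags hostnames that sit one edit, one digit-for-letter swap, or one TLD change away from a protected domain. The brand domain, the sample hostnames, and the function names are all hypothetical.

```python
# Added example: flag lookalike (typosquat) hostnames seen in DNS or proxy logs.
PROTECTED = ["acmeholidayshop.com"]          # hypothetical brand domain
HOMOGLYPHS = str.maketrans("0135", "oles")   # common digit-for-letter swaps

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registered_domain(host):
    # Simplification: keep the last two labels. Production code should
    # consult the Public Suffix List (e.g. for names under co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host, max_edits=1):
    """Return why `host` resembles a protected domain, or None."""
    reg = registered_domain(host)
    if reg in PROTECTED:
        return None                  # the genuine domain or one of its subdomains
    sld, _, tld = reg.partition(".")
    for brand in PROTECTED:
        b_sld, _, b_tld = brand.partition(".")
        if reg.translate(HOMOGLYPHS) == brand:
            return "homoglyph"
        if sld == b_sld and tld != b_tld:
            return "tld-swap"
        if tld == b_tld and osa_distance(sld, b_sld) <= max_edits:
            return "typo"
    return None

def scan(hosts):
    """Map each suspicious hostname to the reason it was flagged."""
    return {h: r for h in hosts if (r := classify(h))}

# Constructed sample of hostnames, as they might appear in a resolver log.
OBSERVED = ["pay.acmeholidayshop.com", "acmeho1idayshop.com",
            "login.acmeholidayshpo.com", "acmeholidayshop.co",
            "acmeholidyshop.com", "cdn.unrelated-site.net"]

if __name__ == "__main__":
    for host, reason in scan(OBSERVED).items():
        print(f"{reason:10} {host}")
```

Hits from a check like this are candidates for blocking at the web gateway and for a takedown request, and they are only as complete as the list of protected domains supplied.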
Phishing and smishing
Like ransomware, phishing attacks have evolved alongside modern technology. A type of social engineering, phishing originated in the 90s, with threat actors using instant messaging services to exploit unsuspecting users. In the following decades, threat actors moved on to email and, most recently, text messages, which has given rise to the term “smishing” or “SMS phishing.”
For example, an employee might get a text from someone claiming to be the CEO of their company. These messages typically instill a sense of urgency — perhaps an important task with a tight deadline. The so-called CEO might ask the employee to help them log in to critical work systems, making an excuse about why they can’t do so at the moment. During the holiday season, these attacks often come from threat actors posing as retailers, gift card distributors, or delivery companies.
DDoS attacks
When is the absolute worst time for your website to go down? For many companies, the answer is Black Friday or Cyber Monday, making these shopping holidays the perfect time for distributed denial of service (DDoS) attacks. These types of cyber attacks flood websites with bot-driven traffic, overwhelming the servers and forcing the website to go offline. The threat actors behind the attacks then attempt to extort site owners in exchange for money or other demands. Preventing DDoS attacks requires a comprehensive, layered security solution and vigilant vulnerability monitoring.
Supply chain attacks
In some cases, cyber criminals might not attack you directly; instead, they’ll target the vulnerabilities of third-party vendors within your supply chain. One of the most prominent real-world examples is the 2020 SolarWinds hack in which hackers deployed malicious code into Orion, an IT performance monitoring system within SolarWinds’ supply chain. From there, Orion acted as a back door through which the threat actors could gain access to unsecured data.
The fallout from this breach was significant. Tens of thousands of organizations were affected, prompting the U.S. government to issue a response. SolarWinds and several other large organizations appeared before the Senate Select Intelligence Committee and the House Committees on Homeland Security and Oversight and Reform. To prevent supply chain attacks going forward, the Government Accountability Office recommends assessing supply chain risks, enforcing stringent security measures, and developing procedures for detecting counterfeit or compromised third parties.
Stay merry and bright with comprehensive data loss prevention
What’s one thing every type of cyber attack on this list has in common? They can all be mitigated with a strong data loss prevention (DLP) strategy. Lookout has designed our cloud-native DLP to provide peace of mind in hybrid work environments. We do this by protecting data at every turn, whether it’s stored in an email, SaaS and private apps, company devices, or the web at large. Learn more about Lookout DLP by signing up for SSE Hands-on Labs or scheduling a demo.