A hacker’s wishlist for Christmas

Daphne Frik

21 December 2023

Each year, cyberattacks increase dramatically during the holiday season. Criminals know how to take advantage of a busy season in which companies endure chaos and employees are busy, stressed, tired, and ready for a break.

With the influx of emails during this season, it can be harder for employees to distinguish between an actual email from a colleague or a malicious email from a hacker trying to gain access to the company’s network. A mistake is easily made – it only takes one employee to click on a malicious link.

In addition, many employees take time off, leaving companies’ IT & cybersecurity teams understaffed. Hackers play into this and can even go as far as tracking the employees’ out-of-office emails to keep track of when vital employees are offline so they can strike. This combination of factors leads to a higher risk of cybercrimes like ransomware attacks, DDoS attacks, and SWL injections.

All I want for Christmas is your data

In 2019, the University of Maastricht was hit by a ransomware attack on Christmas Eve, which locked hundreds of servers and backup systems, leading to problems for the 25,000 students and employees as they could no longer access their data, library, and email. After a week, the university paid 200,000 euros in Bitcoin to the attackers to prevent personal data from being stolen.

Fortunately for the university, the Dutch police and the public prosecution service (Openbaar Ministerie) were able to seize and recover the Bitcoins in 2022, de Volkskrant reported. As they had increased in value, the university now received 500,000 euros worth of Bitcoins.

On December 21 of last year, the IT team of Nova College in Haarlem discovered suspicious activity on their network, which resembled the start of a ransomware attack. To prevent a situation like the one in Maastricht, IT experts decided to take a drastic measure and shut down the entire network of Nova College so that hackers would not be able to access any computers anymore. After a full Christmas period of work by IT experts, the school was able to prevent further damage and reopen its network.

Yet, most cyberattacks do not have such a happy ending. Legal, financial, and reputational consequences can be far-reaching for companies and organizations.

It’s beginning to look a lot like cybersecurity

To prevent hackers from fulfilling their Christmas dreams, make sure to formulate your own wish list. Are your systems up to date? Have you patched and fixed all vulnerabilities? Have you conducted a pre-holiday audit and educated your employees about the risks during this season? And most importantly, do you have an emergency strategy in place?

If you have been good this year, you will be able to give your colleagues and clients the present of a relaxing, safe, and undisturbed holiday season.