Back to all posts

It’s the most wonderful time of the year... for cyber attacks

December 14, 2023
Cyber Security

As the festive season approaches, businesses can expect a significant spike in cyber attacks


Hackers strike businesses when they are most vulnerable, like during long weekends and holiday periods.  

So, before you turn on your Out of Office responder for the holidays, make sure you have your business security measures up to date.

Generally, the holidays mean computer systems are often unattended, security operations centres are short-staffed and we're all feeling merry. The result? Businesses and organisations are more vulnerable to cyberattacks.

While cyber-attacks happen year-round if you're not careful, recent years show a dramatic spike in phishing attacks in December compared to the rest of the year.  A UK based study even found a 70% average increase in attempted ransomware attacks in November and December compared to January and February of that same year.

Now you might be thinking "I won't even be at my desk, so this doesn't apply to me", but we're all a bit guilty of just quickly checking our emails on our mobile phones, right?

With mobile devices increasingly becoming targeted by phishing attacks, it's essential to note that cyber security no longer only applies to your computer on your desk - but to that tiny computer in your pocket too.

A 2023 Lookout report found that the highest rate of mobile phishing in history was observed in 2022, with half of the mobile phone owners worldwide exposed to a phishing attack every quarter. With phishing attacks getting stealthier each year, this number is sure to increase if you neglect to put mobile security front and centre.

“The share of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications”  


What are the most common cyber scams and how can you spot them?

Phishing emails and fraudulent websites

One of the most well-known scams is phishing, where attackers send out fraudulent emails or messages to trick recipients into downloading malicious links or providing sensitive information like passwords and credit card details. Phishing attacks and fraudulent websites can be exceptionally perilous to businesses, resulting in financial damage and compromised security. In recent years, there has been an alarming increase in phishing attacks, with more than 4.7 million reported cases in 2022 alone.  

These attacks use various deception techniques to trick individuals into revealing confidential information or clicking on malicious links.

How can you prevent falling victim to phishing attacks?

First and foremost, regular communication with the team about phishing attacks is crucial. By staying informed and educated about the latest phishing techniques and how to report them, you and your teams can be more vigilant and cautious.

Implement email and web filters to help identify and block phishing emails and malicious websites.

Additionally, focusing on the basics, such as maintaining strong password hygiene, using two-factor authentication, and regularly updating software and security systems, plays a significant role in preventing phishing attacks

Remember; if something seems off, it probably is. Trust your gut.

Malware and Ransomware attacks

Malware and ransomware attacks are malicious methods where harmful software is installed on computer systems or networks, with malware seeking unauthorised access or causing damage, while ransomware encrypts data and demands a ransom for its release. A 2023 UK GOV report found that 73% of UK organisations experienced ransomware attacks over a 12-month period, it's essential to take proactive steps to detect and respond to possible threats.

Use caution when opening links or attachments from unfamiliar sources, carefully scrutinise emails for spelling and grammar errors, and be wary of urgent or threatening messages that request sensitive information. Additionally, implementing security measures like firewalls and anti-virus software can help prevent malware installations and detect suspicious activity online

Threat actor strategies and tactics like poorly configured remote desktop protocols

Threat actors employ various strategies and tactics to exploit vulnerabilities and gain unauthorised access to computer systems, and one tactic they use is taking advantage of poorly configured remote desktop protocols (RDP).  

Remote desktop protocols allow users to access and control computers remotely, but when they are not set up properly, they can become a weak point in the system's security.  

Threat actors often search for open RDP ports and use methods like brute force attacks or credential stuffing to try and gain access.  

Once they get in, they can deliver harmful software, carry out unauthorised commands, steal data, or set up ways to attack again in the future.  

To protect against this risk, make sure your RDP ports are set up correctly with strong passwords, multi-factor authentication, and network segmentation to reduce the chances of a successful attack by threat actors. Regular security audits and monitoring are also important for detecting and responding to any possible vulnerabilities or suspicious activities.

Cybersecurity best practices for the holidays (and year-round):

  • Don’t give out vital information in your OOO message. If possible, use a generic out-of-office messages for external recipients, or restrict automatic responses to internal contacts.
  • Make and maintain offline, encrypted backups of data and regularly test backups
  • Schedule security employees to be "on call" during holidays
  • Ensure all software (including phone operating systems) is up to date
  • Ensure strong passwords that are not reused across multiple accounts or stored on a system where an adversary may have access
  • Implement two-factor authentication for all accounts and systems
  • Educate teams on recognising and reporting phishing attempts

In conclusion, having a robust security plan in place is essential to protect against various threats and attacks.  

By implementing strong security measures, you can safeguard your teams, systems and sensitive data from unauthorised access and potential damage.  

With the festive period so close, it can seem overwhelming, so collaborating with a trusted business telecoms provider can help to alleviate the stress of managing security issues internally.  

As a reliable business telecoms provider, we are committed to delivering secure and reliable solutions that help our clients mitigate risks and focus on their core operations with peace of mind.

If you have any questions at all, don't hesitate to contact us at

Back to all news