Security researchers have long marveled at one of the most pervasive and persistent threats that hits each year in late December. Dubbed “Santa Claus,” this North Pole-based adversary uses a Chimney loader to deposit a payload named “presents.exe” before erasing any cookies from the system. Santa Claus is known to target home networks with young end users, impacting hundreds of millions of victims every year.
To date, the Santa Claus attack has not proven to be damaging. In fact, many welcome the puzzling annual intrusion as a ritual of the season. But as security professionals are all too aware, Santa Claus may not be the only adversary that they face over the holidays. Threat actors often time their attacks for when they know security teams will be taking time off and will be slower to detect, investigate, and respond.
We have your back. To make sure you protect yourself this holiday season, keep in mind the following best practices:
- Make sure you’re current with patches, updates, and backups. The recent Log4j attack served as a very painful reminder of the need to keep up to date with application version updates and security patches. Attackers scan for vulnerable applications and infrastructure every day. Before you leave for any holiday break, make sure that your systems are protected from known exploits by updating them, and ensure that you have current backups of your data in case you need them.
- Update your incident response plan. Your security team (and that of your security partners and vendors) may be slimmed down over the coming weeks, so you should know who is contactable, and how. Assess various attack scenarios and determine whether the holidays impact your incident response and disaster recovery playbooks.
- Educate users to be cautious while on break. The holidays can mean changes in end-user behavior, particularly increases in shopping and travel, both of which pose cybersecurity risks. Educate your users to be wary of seasonal-themed phishing scams. If they are traveling, ensure that they take extra care of the physical security of their devices and that they use a proxy if they need to connect to public WiFi.
As always, Zscaler will be here actively monitoring and maintaining protections to help keep our customers safe. Should you need us, do not hesitate to reach out. Wishing you and your family a wonderful holiday!
For more guidance for the new year based on 2021 attack trends, see “Cybersecurity Lessons to Carry into 2022.”