Post-Festive cybersecurity risks
Mufaro Nesongano is the executive for communications and consumer relations. PHOTO: CONTRIBUTED


As we enter the new working year after the festive break, individuals and organisations are reminded that the beginning of the year is one of the most active periods for cybercrime. The start of the year has become one of the most critical periods for cybersecurity. While many people associate cyber threats with the busy holiday period in December, the weeks after the holidays often carry an even higher risk of cybersecurity threats.



During the festive period, many employees travelled with their work laptops, connected to public or home Wi-Fi, and sometimes used work devices for personal activities such as social media, streaming, or online shopping. When those devices reconnect to corporate networks as the year starts, any malware or hidden infections picked up during the holidays can spread silently inside organisational systems. At the same time, many users forget passwords, reuse old ones, or rush through account recovery processes, creating opportunities for attackers to exploit weak authentication and compromised credentials.



Phishing and social engineering attacks


One of the most common threats remains phishing. Employees and executives alike should expect an increase in fake emails and messages. These messages are carefully crafted to create urgency or emotional appeal, encouraging recipients to click malicious links, download malware, or disclose login credentials. Attackers often impersonate trusted brands or service providers, making the scams very convincing.



Business email compromise


The resumption of business operations in January creates ideal conditions for Business Email Compromise (BEC). Attackers actively exploit year-end payment cycles and backlogged financial processes to send fraudulent emails requesting urgent actions, such as emergency payments, changes to supplier bank details, or the release of sensitive financial information.


 


These emails often impersonate senior executives, finance managers, or trusted vendors and rely on urgency, authority, and reduced verification procedures to succeed. Messages may claim that a payment must be processed immediately, that a supplier’s banking details have changed, or that a confidential transaction must be handled discreetly.


 


As is the norm, finance teams are under pressure to clear outstanding invoices and resume operations quickly after the holidays. Verification controls are sometimes relaxed, increasing the likelihood of successful fraud.


 


The rise of WhatsApp account hijacking scams


A growing and particularly concerning threat during the festive season was the large-scale hijacking of WhatsApp accounts through sophisticated phishing campaigns. Recent threat intelligence has identified an active global operation, commonly referred to as the HackOnChat campaign, targeting WhatsApp users across regions. Attackers deploy fraudulent websites that closely mimic legitimate WhatsApp web and security verification pages, exploiting trust in the platform to compromise user accounts.



Two (2) primary techniques are used. In the first, victims are tricked into scanning a QR code or entering a pairing code on a fake WhatsApp web page, unknowingly linking their account to an attacker-controlled session. In the second, victims are lured into entering their phone number and a One-Time Password (OTP) on a phishing page, allowing attackers to fully take over the account.



Once compromised, WhatsApp accounts are weaponised. Attackers impersonate the victim to contact friends, colleagues, or business partners, requesting urgent financial assistance, sensitive information, or further OTPs. Because these messages originate from a trusted contact, recipients are significantly more likely to comply without verification, leading to rapid financial loss and further spread of the scam.



Ransomware and attacks on unattended systems


Ransomware operators deliberately target holiday periods when monitoring and response capabilities are reduced. Attacks are often launched during long weekends or shutdown periods, with encryption remaining unnoticed until staff return. Unpatched Virtual Private Network (VPN) appliances, exposed remote access services, and weak administrative credentials are common entry points. In several cases globally, attackers have also targeted backup systems during the holidays, reducing organisations’ ability to recover without paying ransom demands.



Reducing cyber risk


Organisations should ensure continuous monitoring and incident response coverage, enforce multi-factor authentication across all critical systems, and complete patching and security testing before staff go on leave. Equally important is staff awareness. A simple post-holiday reminder encouraging employees to remain cautious of password-change emails, verify payment requests, and report suspicious activity promptly can prevent incidents from escalating. As we prepare to start the year, it is important to recognise that cyber threats do not take holidays; they exploit them.
