Our Thinking | Intercity Technology

While we switch off, attackers switch on

Written by Intercity | Dec 22, 2025 10:05:22 PM

Christmas is a time for celebration and winding down. For cybercriminals, it’s a period of opportunity.

Security researchers have found that around 86% of ransomware attacks occur over weekends or holiday periods, when staffing and monitoring are reduced. It’s a simple tactic. Wait until attention drops, then strike.

Earlier this year, Marks & Spencer was hit by a cyber incident that began over the Easter bank holiday weekend:

  • online orders were paused for around six weeks;
  • the company expects the attack to cost about £300 million in lost profits;
  • the disruption led to a significant fall in its market value over investor concern.

Reduced business hours, increased online activity, and overflowing inboxes create the conditions attackers rely on. Whether you’re at home, at work, or on the move, staying alert over the festive period still matters.

 

At home: Seasonal emails, year-round risk

Your inbox is likely filling up with delivery updates, festive offers, and last-minute purchase confirmations. Attackers know this.

Phishing activity increases by around 46% during December compared with the monthly average, driven by holiday-themed lures like fake delivery notices, special offers, and bogus invoices.

Here’s how to spot the fakes:

  • Look for unusual sender addresses or domains
  • Be wary of unexpected links or attachments
  • Watch for urgent wording designed to make you act without thinking

Remember, not all phishing attempts come from big brands. Criminals are using AI to mimic local businesses and trusted contacts, making scams feel more personal and harder to spot.

If you’re unsure about an email, don’t click links or download attachments. Verify the sender through official channels instead.

 

At work: Reduced staffing, increased exposure

Cybercriminals don’t take time off. They simply wait for quieter moments.

Attackers deliberately time campaigns for when people and businesses are busiest or least staffed, and Christmas shutdowns are a predictable window. Reduced monitoring combined with generic accounts makes organisations more exposed than many realise.

Brute force attacks, where criminals repeatedly guess login credentials, are common during holiday periods, especially against accounts like “admin” or “administrator”.

Steps to secure your systems:

  • Use strong passphrases: Unique, complex passwords or biometric and hardware-based authentication
  • Enable Multi-Factor Authentication (MFA): Especially for all internet-facing accounts
  • Set login limits: Lock accounts after repeated failed attempts
  • Update software: Apply patches before teams break for the holidays

Make sure critical systems remain monitored, even with reduced staff, and set alerts for unusual activity.

 

On the go: Think before you connect

Cybercriminals also take advantage of how we work and shop over the holidays.

Ransomware and phishing campaigns spike during holiday downtime when monitoring drops, while people are travelling, using unfamiliar networks, and juggling personal and work tasks.

To stay safer on the move:

  • Be app-savvy: Only download apps from trusted stores and review permissions
  • Avoid public Wi-Fi: Use a VPN if you must connect
  • Think before you share: Be cautious of unsolicited calls or messages requesting personal or financial information

 

 

Need support this Christmas?

If you're concerned about your security during the holiday period, we can help. With over 40 years of experience supporting UK organisations and as a member of the Microsoft Intelligent Security Association (MISA), we work directly with Microsoft's security teams to deliver solutions that integrate seamlessly with your existing infrastructure.

Here are a few examples of how we can help:

  • Our Managed SOC provides 24/7 monitoring and threat detection
  • Our virtual CISO service helps translate technical risks into business decisions
  • Not sure where you stand? Our Microsoft 365 Security Assessment identifies gaps in your security posture and provides clear, actionable recommendations to strengthen your defences

Whether you need advice, an assessment, or hands-on support, we're here.

 


By taking simple precautions at home, at work, and on the move, you reduce your risk during a period that attackers actively exploit.

From all of us at Intercity, we wish you a safe and happy Christmas 🎄

 

 
View full post