Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Lessons to be Learned: Attacks on Higher Education Proliferate

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report on February 22, but here are a couple of early findings along with a round-up of some of the higher-profile attacks on education targets that have taken place in the last year.

  • Trustwave researchers conducted a review of Shodan, a search engine that scans all public IP addresses on the Internet and found more than 1.8 million devices related to the education sector, indicating the threat surface is vast. This number far exceeds other industries.
  • The team found proof that threat actors are selling alleged root and VPN access to the AWS infrastructure and other services of well-known US universities.
  • Trustwave SpiderLabs uncovered more than 2,500 public file shares containing potentially sensitive data found in educational institutions and the exploitation of vulnerable third-party printer management software by state-sponsored hackers and ransomware gangs. 

  • Those operating LockBit 3.0 Ransomware make the most claims among all ransomware groups, targeting multiple and diverse public schools and universities globally.
  • Publicly accessible self-hosted password managers were found exposed in various educational organizations, highlighting security risks. 

 

Threat Actors Test the Education Sector 

 

Threat actors have a knack for understanding what targets contain, and the type of information that can be quickly monetized and culled all in one fell swoop. After all, why conduct multiple attacks to track down financial information, Social Security Numbers, driver's license information, and even health data when all that data is housed in one spot?

 

The last 12 months saw dozens of attacks on universities worldwide, but here is a short list of the more notable incidents.

 

The hacker group Vice Society claimed it extracted and published more than 850GB of sensitive data, including passwords, photos of passports, Social Security numbers, and credit card numbers, to the Dark Web. Okanagan confirmed the claim in a statement: "Data that appears to belong to Okanagan College and its stakeholders has been posted on a dark website belonging to a criminal organization." This attack potentially impacted 16,000 students and 1,200 staff. 

 

May 2023 - Bluefield University: In Virginia, hackers hijacked the school's emergency alerts system and used it to issue threats directly to students and faculty. The attackers said the stolen files would be leaked online if the university did not pay their demand. The attacker posted: "We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog. If we don't receive payment, full data leak will be published!!!!!!!!"

 

June 2023 - The University of Manchester: With over 10,000 staff and 45,000 students, the university confirmed it had been successfully attacked, and data belonging to alumni and current students was accessed and removed. In a statement, The University of Manchester stated, "It has been confirmed that some of our systems have been accessed by an unauthorized party and data have likely been copied."

 

August 2023 - Carnegie Mellon University: After the Information Security Office at CMU detected suspicious activity on its computer system, the school launched an investigation and recovery operation, revealing that an unauthorized external actor had accessed the CMU computer system. After months of investigation, assistance from law enforcement, and a comprehensive review of the event, CMU deduced that the threat actor "may" have copied files that contained personal information. The institution released a notice in January that the incident had occurred.

 

August 2023 – University of Michigan: U-M took the extreme step of partially disconnecting its network from the Internet after suffering what it described as a "significant security concern." The school believed the unauthorized third party could access personal information relating to certain students, applicants, alumni, donors, employees, contractors, University Health Service and School of Dentistry patients, and research study participants. The impacted information included Social Security numbers, driver's license or other government-issued ID numbers, financial accounts or payment card numbers, and health information.

 

Trustwave Threat Intelligence

 

The upcoming Trustwave SpiderLabs report is the latest in a year-long series that has addressed security concerns and is part of an ongoing research project studying how cybercriminals attack various vertical markets. The reports offer insights into the threat groups, tactics, and mitigation processes organizations can put in place to protect themselves.

 

To gain a more comprehensive understanding of the overall situation, please also read:

 

Trustwave will host a webinar breaking down the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies on Thursday, February 22, 2024 at 9:00am CST | 3:00pm GMT. Please click here or the image below to register.

 

 

 

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo