Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report on February 22, but here are a couple of early findings along with a round-up of some of the higher-profile attacks on education targets that have taken place in the last year.
Trustwave SpiderLabs uncovered more than 2,500 public file shares in educational institutions containing potentially sensitive data, as well as the exploitation of vulnerable third-party printer management software by state-sponsored hackers and ransomware gangs.
Threat actors have a knack for understanding what their targets hold and which types of information can be culled in one fell swoop and quickly monetized. After all, why conduct multiple attacks to track down financial information, Social Security Numbers, driver's license information, and even health data when all that data is housed in one spot?
The last 12 months saw dozens of attacks on universities worldwide, but here is a short list of the more notable incidents.
The hacker group Vice Society claimed it extracted and published more than 850GB of sensitive data, including passwords, photos of passports, Social Security numbers, and credit card numbers, to the Dark Web. Okanagan confirmed the claim in a statement: "Data that appears to belong to Okanagan College and its stakeholders has been posted on a dark website belonging to a criminal organization." This attack potentially impacted 16,000 students and 1,200 staff.
May 2023 - Bluefield University: In Virginia, hackers hijacked the school's emergency alerts system and used it to issue threats directly to students and faculty. The attackers said the stolen files would be leaked online if the university did not pay their demand. The attacker posted: "We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog. If we don't receive payment, full data leak will be published!!!!!!!!"
June 2023 - The University of Manchester: With over 10,000 staff and 45,000 students, the university confirmed it had been successfully attacked, and data belonging to alumni and current students was accessed and removed. In a statement, The University of Manchester stated, "It has been confirmed that some of our systems have been accessed by an unauthorized party and data have likely been copied."
August 2023 - Carnegie Mellon University: After the Information Security Office at CMU detected suspicious activity on its computer system, the school launched an investigation and recovery operation, revealing that an unauthorized external actor had accessed the CMU computer system. After months of investigation, assistance from law enforcement, and a comprehensive review of the event, CMU deduced that the threat actor "may" have copied files that contained personal information. The institution released a notice in January that the incident had occurred.
August 2023 - University of Michigan: U-M took the extreme step of partially disconnecting its network from the Internet after suffering what it described as a "significant security concern." The school believed the unauthorized third party could access personal information relating to certain students, applicants, alumni, donors, employees, contractors, University Health Service and School of Dentistry patients, and research study participants. The impacted information included Social Security numbers, driver's license or other government-issued ID numbers, financial accounts or payment card numbers, and health information.
The upcoming Trustwave SpiderLabs report is the latest in a year-long series that has addressed security concerns and is part of an ongoing research project studying how cybercriminals attack various vertical markets. The reports offer insights into the threat groups, tactics, and mitigation processes organizations can put in place to protect themselves.
Trustwave will host a webinar breaking down the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies on Thursday, February 22, 2024 at 9:00am CST | 3:00pm GMT.