A major cybersecurity breach has disrupted online learning systems at universities across the United States, including the University of Minnesota and University of Wisconsin, after hackers reportedly targeted Canvas, a widely used learning management platform owned by Instructure.
The outage began Thursday evening, leaving students and faculty unable to access Canvas for coursework, assignments, grades, and communication tools. Online screenshots circulating on social media appear to show a message from the hacking group ShinyHunters claiming responsibility for the attack. The message allegedly advised affected institutions to “consult with a cyber advisory firm and contact us privately… to negotiate a settlement.”
A spokesperson for the University of Minnesota confirmed the incident in an official statement:
“The University of Minnesota was notified by Instructure, a software and technology supplier of the University, of a cybersecurity incident affecting its clients worldwide. As of today, users are unable to access Instructure’s Canvas system, which is a cloud- and web-based learning management system for online courses, learning materials and communications. University administrators are awaiting updates from the vendor and taking additional measures to protect University information.”
The University of Wisconsin also acknowledged being impacted by the widespread outage.
“At around 3 p.m. today, UW–Madison became aware we are part of a nationwide Canvas outage. We recognize this is occurring at a very challenging time during final exams and grading, and we’re committed to providing you with support and flexibility as we navigate this significant disruption. Multiple teams are working to address this issue.”
University officials further warned students not to respond to any suspicious prompts from Canvas, including requests to log in, click links, or reset passwords during the outage period.
Cybersecurity experts say attacks like this are becoming increasingly common because a single breach can affect thousands of institutions simultaneously. Adam Marre, chief information security officer at Arctic Wolf, explained:
“Rather than target one institution, one victim, they can get many at once. So in this case, this Canvas software is one that’s used by thousands of educational institutions across the country and therefore it’s a way for these attackers to get highly leveraged on the victim to get them to pay money, so there’s lots of different victims and they can get lots of information with one attack.”
Marre also cautioned users to remain alert against phishing and social engineering attempts following the breach.
“They really need to watch out especially for social engineering attacks. These are the types of attacks that come as emails, texts, direct messages that look innocuous, but they’re really someone trying to trick you, defraud you, do something to further this crime, and so what they want to do is create a sense of urgency to get you to not think, not pause and just act quickly.”
He advised users to avoid clicking suspicious links, directly access platforms through official websites, and ensure multifactor authentication remains enabled on all accounts.
“When attackers get this kind of information or the kind of information that may be involved in this attack, things like emails, names, maybe direct messages, it’s good to remember attackers don’t always use this right away. Often they pause and wait sometimes even months before then using this in phishing attacks and other social engineering attacks.”
Marre added:
“We always need to be on guard when we’re online.”
Canvas is a widely adopted digital education platform used for assignments, lecture videos, grading systems, and academic communication. According to Luke Connolly, a threat analyst at Emsisoft, the hackers claimed that nearly 9,000 schools worldwide may have been affected, with billions of private messages and records potentially exposed.
Experts note that educational institutions have become prime targets for cybercriminals because of the vast amount of sensitive student and staff data they store digitally. Similar attacks in recent years have impacted the Minneapolis Public Schools and the Los Angeles Unified School District.
Connolly stated that the Canvas breach closely resembles a previous cyberattack involving PowerSchool, another education technology provider. In that earlier incident, a college student from Massachusetts was charged in connection with the breach.
He further described ShinyHunters as a loosely organized group of teenagers and young adults based in the United States and the United Kingdom. The group has previously been linked to several high-profile cyberattacks, including one targeting Ticketmaster, owned by Live Nation Entertainment.