Ransomware Attack Disrupts Grading Platform Used by LBUSD Cal State and LBCC


 

A cyberattack linked to the ShinyHunters extortion group temporarily disrupted operations at a number of educational institutions in the United States, raising concern over the potential exposure of sensitive student and faculty data. Affected institutions continued to restore access to Canvas this week. Although several universities and school districts have resumed normal access following recovery efforts coordinated by Canvas parent company Instructure, the incident continues to affect portions of the education sector.

Administrators have assessed the broader impacts of the breach and reviewed claims regarding the compromise of data belonging to hundreds of millions of platform users around the world. The operational impact of the incident became more apparent on Thursday, when teachers and students at Long Beach Unified School District, California State University Long Beach and Long Beach City College were suddenly unable to access Canvas, the cloud-based platform widely used for coursework, grades, assignments and internal communication.

District officials said they were informed earlier this week that Instructure, the company that provides Canvas, had discovered that certain user-identifying information related to customer environments had been accessed without authorization. Despite the company's initial assertion that the incident had been contained and that core platform operations continued, educators later reported that login attempts redirected users to ransom-style messages allegedly associated with the ShinyHunters cybercriminal group.

The notice reportedly instructed affected institutions to engage a cyber advisory firm and negotiate payment terms before a specified deadline; otherwise, compromised data could be exposed to the public. Although the full extent of the intrusion is still under investigation, notifications sent to campus users indicate that names, email addresses, institutional identification numbers, and confidential communications may have been compromised.

Instructure responded that portions of the platform environment had been disabled, the underlying vulnerability had been rectified, digital forensic specialists had been engaged, and it was coordinating with federal authorities, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency.

The disruption is hitting a significant number of academic institutions at the same time, with final examinations at California State University Long Beach rapidly approaching. Because Canvas serves as the primary repository for instructional content, coursework, and student records, several educators have described the outage as operationally disruptive, even though some teachers have been able to maintain continuity by using externally hosted materials and collaboration tools through Google.

Cybersecurity experts caution that, while the current incident has mainly disrupted colleges and universities, K-12 institutions have also faced repeated operational and data security challenges related to attacks against education technology infrastructure. Researchers pointed to the Los Angeles Unified School District cyberattack of 2022, when a ransomware-related intrusion disabled critical district systems over Labor Day weekend, disrupting internal communication, attendance tracking, and classroom instruction.

Approximately 2,000 student assessment records, together with additional sensitive information, including driver’s license numbers and Social Security numbers accumulated over multiple years, were later published on the dark web as a result of the incident. Recovery efforts lasted for weeks, during which administrative and technical staff restored systems and coordinated password resets for over 600,000 user accounts.

According to security researchers, incidents associated with platforms such as Canvas can create long-term phishing and social engineering risks even after services have been restored. Luis Corrons, a security analyst at Norton, emphasized that the exposed information includes names, institutional email addresses, student identification numbers, and internal academic communications, which could give threat actors the context they need to create highly convincing phishing campaigns impersonating legitimate school notifications regarding grades, coursework, financial aid, and password resets.

Anton Dahbura, executive director of the Johns Hopkins University Information Security Institute, likewise advised institutions that residual risk may continue to exist after platform access has been restored, and cautioned against assuming otherwise. According to Dahbura, colleges and universities should encourage students and employees to change their passwords, review authentication tokens, and audit integrations with third-party platforms connected to Canvas environments.

Colleges and universities should also keep a close eye on follow-on phishing activity targeting them. He further emphasized that higher education's increasing reliance on a single instructional platform represents a systemic risk. He advised academic institutions to develop resilience plans, implement additional security controls, and develop alternative instructional workflows that can support continuity during prolonged service interruptions.

Centralized, cloud-based learning infrastructure has further increased the education sector's cybersecurity exposure. A single compromise of a third-party platform may disrupt thousands of academic institutions simultaneously.

As the forensic investigation and recovery effort continue, security teams on affected campuses will need to focus on credential protection, phishing monitoring, and access-review procedures, while assessing how deeply instructional platforms such as Canvas are integrated with broader institutional networks.

Canvas Cyberattack Disrupts Universities Nationwide, Thousands of Schools Potentially Impacted

 

A major cybersecurity breach has disrupted online learning systems at universities across the United States, including the University of Minnesota and University of Wisconsin, after hackers reportedly targeted Canvas, a widely used learning management platform owned by Instructure.

The outage began Thursday evening, leaving students and faculty unable to access Canvas for coursework, assignments, grades, and communication tools. Online screenshots circulating on social media appear to show a message from the hacking group ShinyHunters claiming responsibility for the attack. The message allegedly advised affected institutions to “consult with a cyber advisory firm and contact us privately… to negotiate a settlement.”

A spokesperson for the University of Minnesota confirmed the incident in an official statement:

“The University of Minnesota was notified by Instructure, a software and technology supplier of the University, of a cybersecurity incident affecting its clients worldwide. As of today, users are unable to access Instructure’s Canvas system, which is a cloud- and web-based learning management system for online courses, learning materials and communications. University administrators are awaiting updates from the vendor and taking additional measures to protect University information.”

The University of Wisconsin also acknowledged being impacted by the widespread outage.

“At around 3 p.m. today, UW–Madison became aware we are part of a nationwide Canvas outage. We recognize this is occurring at a very challenging time during final exams and grading, and we’re committed to providing you with support and flexibility as we navigate this significant disruption. Multiple teams are working to address this issue.”

University officials further warned students not to respond to any suspicious prompts from Canvas, including requests to log in, click links, or reset passwords during the outage period.

Cybersecurity experts say attacks like this are becoming increasingly common because a single breach can affect thousands of institutions simultaneously. Adam Marre, chief information security officer at Arctic Wolf, explained:

“Rather than target one institution, one victim, they can get many at once. So in this case, this Canvas software is one that’s used by thousands of educational institutions across the country and therefore it’s a way for these attackers to get highly leveraged on the victim to get them to pay money, so there’s lots of different victims and they can get lots of information with one attack.”

Marre also cautioned users to remain alert against phishing and social engineering attempts following the breach.

“They really need to watch out especially for social engineering attacks. These are the types of attacks that come as emails, texts, direct messages that look innocuous, but they’re really someone trying to trick you, defraud you, do something to further this crime, and so what they want to do is create a sense of urgency to get you to not think, not pause and just act quickly.”

He advised users to avoid clicking suspicious links, directly access platforms through official websites, and ensure multifactor authentication remains enabled on all accounts.

“When attackers get this kind of information or the kind of information that may be involved in this attack, things like emails, names, maybe direct messages, it’s good to remember attackers don’t always use this right away. Often they pause and wait sometimes even months before then using this in phishing attacks and other social engineering attacks.”

Marre added:

“We always need to be on guard when we’re online.”

Canvas is a widely adopted digital education platform used for assignments, lecture videos, grading systems, and academic communication. According to Luke Connolly, a threat analyst at Emsisoft, the hackers claimed that nearly 9,000 schools worldwide may have been affected, with billions of private messages and records potentially exposed.

Experts note that educational institutions have become prime targets for cybercriminals because of the vast amount of sensitive student and staff data they store digitally. Similar attacks in recent years have impacted the Minneapolis Public Schools and the Los Angeles Unified School District.

Connolly stated that the Canvas breach closely resembles a previous cyberattack involving PowerSchool, another education technology provider. In that earlier incident, a college student from Massachusetts was charged in connection with the breach.

He further described ShinyHunters as a loosely organized group of teenagers and young adults based in the United States and the United Kingdom. The group has previously been linked to several high-profile cyberattacks, including one targeting Ticketmaster, owned by Live Nation Entertainment.