Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Privacy. Show all posts
Security Breach
Cyber Privacy Cyberhackers Cybersecurity CyberThreat malware messages Security Breach

Recognizing the Messages That Signal a Security Breach

 


Increasingly, cybersecurity experts warn that using traditional antimalware tools can lead to a false sense of security if used in conjunction with a system of prevention. In today's rapidly evolving threat environment, this software remains a staple of personal and enterprise protection strategies. However, its limitations have become painfully obvious as the threat environment rapidly evolves. 

There is no doubt in my mind that signature-based scanners, in particular, are notoriously unreliable, particularly when faced with newly released exploits and malware variants—especially when they have just been released. One way to see the impact of this problem is to submit a suspicious file to Google's VirusTotal service, which aggregates results from 60 of the most trusted anti-malware engines in the world, but the detection rates are sometimes inconsistent and shockingly low even there. 

A major issue facing cybercriminals is the fact that they no longer have to rewrite malicious code in order to evade detection. In many cases, they are only necessary to rearrange a few bytes or make minor adjustments to render the threat completely invisible to traditional scanners, thus enhancing the accuracy of the scan. 

In order to increase accuracy, security vendors have added new layers of defence to their systems. The majority of antimalware solutions are now based on heuristic algorithms, which use analysis of program behaviour in order to identify suspicious activity rather than solely on known signatures in order to identify malicious software. 

Other companies also use virtualised sandboxes to observe files in isolation, monitor system processes in real-time, and analyse network traffic to detect threats. Although there have been significant advances in defending against cyber attacks, attackers continue to develop new techniques faster than defences can respond. The reality is that no single security product matter how advanced-can detect or block every cyber threat with total reliability. 

As malware is constantly mutating and adversaries are constantly refining their techniques at unprecedented speeds, organizations and individuals alike will need to adopt a more comprehensive approach to security. It will go well beyond simply installing antimalware software to ensure security goes well. 

The term security breach is generally understood as any incident in which sensitive data, networks, computer systems, or devices are accessed, disclosed, or tampered with without the authorization of the party involved. Such breaches do much more than simply cause inconveniences; they threaten data integrity, personal privacy, and organizational confidentiality in a way that goes far beyond mere inconveniences. 

In today's digital society where every aspect of life, including financial transactions, shopping, social interaction, and entertainment, is facilitated through online platforms, the stakes are much higher than ever. In many cases, individuals entrust their most private information with digital services and presume they will be protected by robust safeguards, which is why they trust digital services so much with their sensitive information. 

However, the reality is that as the volume and value of stored data increase, the incentive for malicious actors to exploit vulnerabilities will also increase. It is no secret that cybercriminals have been relentlessly targeting databases and applications to harvest data, such as personal information, payment information, and login credentials, all of which can then be exploited in order to commit identity thefts, financial frauds, and other sophisticated forms of cybercrime. 

For organizations, the impact of a security breach will be even greater. A compromised system does not only disrupt operations immediately, but it can also cause significant financial losses, regulatory penalties, and costly legal actions. Perhaps the most damaging of these effects, however, is the erosion of customer trust and corporate reputation, which can take years to restore. 

There is a growing awareness that security and data breach risks are not abstract threats but are in fact pressing realities that require vigilant prevention, prompt detection, and effective response measures for both businesses and individuals alike. It has been reported recently by cybersecurity company ESET that the frequency of such threats has been on the rise in recent years as a result of the escalation of these threats. 

According to the company's latest Threat Report, this has now occurred in greater numbers. There have been numerous warnings issued over the past few months regarding the increase in spam and viral outbreaks, but one of the most alarming aspects of these campaigns is that they continue to ensnare unsuspecting users despite their obvious simplicity and ease of recognition in theory. 

The ESET report demonstrates the fact that the ClickFix attacks have evolved into a highly adaptable and formidable threat, employing a wide array of malicious payloads, from info stealers to ransomware to sophisticated nation-state malware. While these attack methodologies can be applied to a variety of operating systems, Windows PCs remain the most susceptible and effective targets due to the prevalence and effectiveness of these techniques. 

A key component of ClickFix is a deceptively simple yet remarkably effective method of getting victims to fix their problems. Victims are typically instructed to open the Windows Run dialogue by pressing the Windows key plus "R," paste a string of text using Ctrl + V and press "Enter" – often under the pretext of resolving an urgent issue. 

However, while the initial script may seem harmless, it is often just a way of obtaining and silently executing a much more dangerous payload without the knowledge of the user. Performing this single action can be a gateway to a wide variety of malicious programs, including the Lumma Stealer, VidarStealer, StealC, Danabot, and many more information theft programs; remote access Trojans like VenomRAT, AsyncRAT, and NetSupport RAT; and several other tools designed to attack the user. 

There are crypto miners, clipboard hijackers, post-exploitation frameworks like Havoc and Cobalt Strike, and other specialised attack tools in this category. Security professionals have given unequivocal advice: Users should treat any unsolicited prompt urging them to perform this sequence of commands as an immediate red flag that indicates a deliberate attempt to compromise their system. 

Under any circumstances, users should be cautious of following such instructions, as they can result in a significant compromise. In order to avoid any potential problems with the application in question, users should immediately close, or force-quit, restart their computers, and then run a thorough antivirus scan. Furthermore, it is necessary to change all of the key account passwords and monitor financial statements for signs of suspicious activity. 

While ClickFix attacks are most commonly associated with Windows environments, ESET's findings serve as a timely reminder that Macs are not immune to these attacks either. It has been reported that similar social engineering tactics can be used to entice macOS users to run scripts that appear benign but, in reality, facilitate unauthorized access to their devices. 

It demonstrates how important it is to remain cautious when dealing with uninvited technical instructions, regardless of the platform that users are using. ESET, a cybersecurity company that issued a recent alert regarding the increase in these threats, has indicated in its latest Threat Report that these attacks have now risen dramatically in frequency, which is in line with other previous warnings that have been issued over the past few months. 

However, what is even more alarming about these campaigns is the persistent manner in which they continue to ensnare unsuspecting users, even though these campaigns, in theory, should be easily recognised and avoided. The ESET report demonstrates the fact that the ClickFix attacks have evolved into a highly adaptable and formidable threat, employing a wide array of malicious payloads, from info stealers to ransomware to sophisticated nation-state malware.

While these attack methodologies can be applied to a variety of operating systems, Windows PCs remain the most susceptible and effective targets due to the prevalence and effectiveness of these techniques. Despite its deceptive simplicity, ClickFix's core tactic is remarkably effective as well. When victims are contacted to resolve an urgent issue, they are typically instructed to open the Windows Run dialogue by pressing the Windows key plus the "R" and then to paste a string of text using "Ctrl + V" before pressing "Enter." 

Although it may initially seem harmless or routine, the script usually serves as a conduit for retrieving and silently executing a far more dangerous payload, without the user being aware of it. By taking this action, users will be allowing themselves to be infected by a wide variety of malicious programs, such as Lumma Stealers, Vidar Stealers, StealC, Danabots, and many more. Remote Access Trojans, such as VenomRAT, AsyncRAT, and NetSupport RA, are some of the most prominent ones, along with cryptominers, clipboard hijackers, post-exploitation frameworks like Havoc and Cobalt Strike, and a variety of other specialised tools. 

Security professionals have given unequivocal advice: Users should treat any unsolicited prompt urging them to perform this sequence of commands as an immediate red flag that indicates a deliberate attempt to compromise their system. Under any circumstances, users should be cautious of following such instructions, as they can result in a significant compromise. As a matter of fact, they should close or force-quit the application in question, reboot the system, and carry out a thorough antivirus scan immediately. 

Additionally, it is essential that all critical account passwords be changed and that all financial statements be monitored closely for signs of suspicious activity. It has been found that ClickFix attacks are most common on Windows-based operating systems, but ESET's findings serve as a timely reminder that Mac users are not entirely immune to these attacks. 

The same social engineering techniques are used to trick Mac users into running scripts ostensibly benign by guiding them in a way that facilitates unauthorized access to their devices. This reinforces the crucial need to be vigilant and sceptical when dealing with any unsolicited technical instructions, regardless of the platform. For security breaches to be minimized and an effective response mounted promptly, it is important to recognize early signs of a breach. 

Several warning signs often point towards unauthorized activity within a system or network. Unusual network behaviour, such as sudden spikes in data traffic, irregular transfers, or sudden surges in bandwidth, can be a sign of an intentional data exfiltration or malicious probing of the network. In addition to unexplained system problems, including unexplained slowdowns, frequent crashes, or prolonged downtime, it is possible for malware to exploit these vulnerabilities. 

Suspicious account activity can also raise concerns. It is usually a sign of active compromise or credential theft when a user account appears unfamiliar, logins are made at odd hours, or repeated attempts are made to log in at odd hours. As a last point to note, data anomalies can be an indication that there has been a security breach. Missing, altered, or corrupted files are evidence that there has been an attack, as are access logs that indicate the entry of unauthorized individuals into sensitive databases.

By recognizing these signs and responding swiftly, organizations can better protect their data, operations, and reputation against the increasing threats of cyber-attacks. The threat landscape is becoming increasingly complex, and as a result, individuals and organisations are faced with a need to take an increasingly proactive and layered approach to cybersecurity. It has never been more important. 

As a result, we must go beyond conventional security tools and take deliberate steps to harden systems, train users, and prepare for contingencies besides conventional tools. When users create robust incident response procedures, conduct regular security audits, and invest in employee training, they can significantly reduce the chance that simple social engineering techniques or undetected malware will succeed, thereby reducing the likelihood that they will succeed. 

It is equally important for the organisation to utilise threat intelligence feeds, maintain current software, and enforce strong access controls to remain on top of an adversary that is continually refining its methods. A culture of security awareness is crucial for organizations to create where all users are aware that vigilance is not optional but rather a shared responsibility, which is why organizations should cultivate it. 

The businesses, as well as the individuals, can strengthen their defenses, and make sure that when the next attempt comes—and it will—they will be ready to detect, contain, and recover quickly, as the next attempt will be a result of the combination of modern technologies, disciplined operational practices, and a mindset that emphasizes continuous improvement.
Read more »
SEV
Advantech vulnerabilities Cyber Privacy Cyber Technology Cyberattacks CyberCrime Cyberhackers Cybersecurity Cyberthreats Data Breach Data protection nAMD System SEV

AMD Systems Vulnerability Could Threaten Encrypted Data Protection

 


There has been an announcement of a new technique for bypassing key security protections used in AMD chips to gain access to the clients of those services. Researchers believe that hackers will be able to spy on clients through physical access to cloud computing environments. Known as the "badRAM" security flaw, it has been described as a $10 hack that undermines the trust that the cloud has in it. 

This vulnerability was announced on Tuesday. Like other branded vulnerabilities, this vulnerability is being disclosed on a website with a logo and will be explained in a paper to be presented at next May's IEEE Symposium on Security and Privacy 2025. 

There is an increasing use of encryption in today's computers to protect sensitive data in their DRAM, especially in shared cloud environments with multiple data breaches and insider threats, which are commonplace. The Secure Encrypted Virtualization (SEV) technology of AMD enables users to protect privacy and trust in cloud computing by encrypting the memory of virtual machines (VMs) and isolating them from advanced attackers, including those who compromise critical infrastructure like the virtual machine manager and firmware, which is a cutting-edge technology. 

According to researchers, AMD's Secure Encrypted Virtualization (SEV) program, which protects processor memory from prying eyes in virtual machine (VM) environments, is capable of being tricked into letting someone access the contents of its encrypted memory using a test rig which costs less than $10 and does not require additional hardware. It is important to note that AMD is among the first companies to leverage the capabilities of chipset architecture to improve processor performance, efficiency, and flexibility. 

It has been instrumental in extending and building upon Moore's Law performance gains and extending them further. As a result of the firm's research, performance gains under Moore's Law have been extended and built upon, and the company announced in 2018 that the first processor would have a chipset-based x86 CPU design that was available. Researchers at the University of Lübeck, KU Leven, and the University of Birmingham have proposed a conceptually easy and cheap attack called “BadRAM”. 

It consists of a rogue memory module used to trick the CPU into believing that it has more memory than it does. Using this rogue memory module, you get it to write its supposedly secret memory contents into a "ghost" space that is supposed to contain the hidden memory contents. In order to accomplish this task, researchers used a test rig anyone could afford to buy, composed of a Raspberry Pi Pico, which costs a couple of dollars, and a DIMM socket for DDR4/5 RAM modules. 

The first thing they did was manipulate the serial presence detection (SPD) chip within the memory module so that it would misreport the amount of memory onboard when the device was booted up – the “BadRAM” attack. Using reverse engineering techniques to locate these memory aliases, they had access to memory contents by bypassing the system's trusted execution environment (TEE), as this created two physical addresses referencing the same DRAM location. 

According to the CVE description, the issue results from improper input validation of DIM SPD metadata, which could potentially allow an attacker with certain access levels to overwrite guest memory, as the issue is described as a result of improper input validation. It has been deemed a medium severity threat on the CVSS, receiving a 5.3 rating owing to the high level of access that a potential attacker would need to engage to successfully exploit the problem. 

According to AMD, the issue may be a memory implementation issue rather than a product vulnerability, and the barriers to committing the attack are a lot higher than they would be if it were a software product vulnerability. AMD was informed of the vulnerability by the researchers in February, which has been dubbed CVE-2024-21944, as well as relates specifically to the company’s third and fourth-generation EPYC enterprise processors. According to AMD’s advisory, the recommendation is to use memory modules that lock SPD and to follow physical security best practices. 

A firmware update has also been issued, although each OEM's BIOS is different, according to AMD. As the company has stated on several occasions, it will make mitigations more prominent in the system; there is specific information on the condition of a Host OS/Hypervisor, and there is also information available on the condition of a Virtual Machine (Guest) to indicate that mitigation has been applied.

The AMD company has provided an in-depth explanation of the types of access an attacker would need to exploit this issue in a statement given to ITPro, advising clients to follow some mitigation strategies to prevent the problem from becoming a problem. The badRAM website states that this kind of tampering may occur in several ways — either through corrupt or hostile employees at cloud providers or by law enforcement officers with physical access to the computer. 

In addition, the badRAM bug may also be exploited remotely, although the AMD memory modules are not included in this process. All manufacturers, however, that fail to lock the SPD chip in their memory modules, will be at risk of being able to modify their modules after boot as a result of operating system software, and thus by remote hackers who can control them remotely. 

According to Recorded Future News, Oswald has said that there has been no evidence of this vulnerability being exploited in the wild. However, the team discovered that Intel chips already had mitigations against badRAM attacks. They could not test Arm's modules because they were unavailable commercially. An international consortium of experts led by researchers from KU Leuven in Belgium; the University of Luebeck in Germany; and the University of Birmingham in the United Kingdom conducted the research.
Read more »
Privacy
Cyber Privacy Digital Privacy Facebook Meta Privacy

Meta's AI Ambitions Raised Privacy and Toxicity Concerns

In a groundbreaking announcement following Meta CEO Mark Zuckerberg's latest earnings report, concerns have been raised over the company's intention to utilize vast troves of user data from Facebook and Instagram to train its own AI systems, potentially creating a competing chatbot. 

Zuckerberg's revelation that Meta possesses more user data than what was employed in training ChatGPT has sparked widespread apprehension regarding privacy and toxicity issues. The decision to harness personal data from Facebook and Instagram posts and comments for the development of a rival chatbot has drawn scrutiny from both privacy advocates and industry observers. 

This move, unveiled by Zuckerberg, has intensified anxieties surrounding the handling of sensitive user information within Meta's ecosystem. As reported by Bloomberg, the disclosure of Meta's strategic shift towards leveraging its extensive user data for AI development has set off a wave of concerns regarding the implications for user privacy and the potential amplification of toxic behaviour within online interactions. 

Additionally, the makers will potentially offer it free of charge to the public which led to different concerns in the tech community. While the prospect of accessible AI technology may seem promising, critics argue that Zuckerberg's ambitious plans lack adequate consideration for the potential consequences and ethical implications. 

Following the new development, Mark Zuckerberg reported to the public that he sees Facebook's continued user growth as an opportunity to leverage data from Facebook and Instagram to develop powerful, general-purpose artificial intelligence. With hundreds of billions of publicly shared images and tens of billions of public videos on these platforms, along with a significant volume of public text posts, Zuckerberg believes this data can provide unique insights and feedback loops to advance AI technology. 

Furthermore, as per Zuckerberg, Meta has access to an even larger dataset than Common Crawl, comprised of user-generated content from Facebook and Instagram, which could potentially enable the development of a more sophisticated chatbot. This advantage extends beyond sheer volume; the interactive nature of the data, particularly from comment threads, is invaluable for training conversational AI agents. This strategy mirrors OpenAI's approach of mining dialogue-rich platforms like Reddit to enhance the capabilities of its chatbot. 

What is Threatening? 

Meta's plan to train its AI on personal posts and conversations from Facebook comments raises significant privacy concerns. Additionally, the internet is rife with toxic content, including personal attacks, insults, racism, and sexism, which poses a challenge for any chatbot training system. Apple, known for its cautious approach, has faced delays in its Siri relaunch due to these issues. However, Meta's situation may be particularly problematic given the nature of its data sources. 
Read more »
Technology
Artifical Inteligence Cyber Privacy LLMs Software Execution Technology

The Pros and Cons of Large Language Models

 


In recent years, the emergence of Large Language Models (LLMs), commonly referred to as Smart Computers, has ushered in a technological revolution with profound implications for various industries. As these models promise to redefine human-computer interactions, it's crucial to explore both their remarkable impacts and the challenges that come with them.

Smart Computers, or LLMs, have become instrumental in expediting software development processes. Their standout capability lies in the swift and efficient generation of source code, enabling developers to bring their ideas to fruition with unprecedented speed and accuracy. Furthermore, these models play a pivotal role in advancing artificial intelligence applications, fostering the development of more intelligent and user-friendly AI-driven systems. Their ability to understand and process natural language has democratized AI, making it accessible to individuals and organizations without extensive technical expertise. With their integration into daily operations, Smart Computers generate vast amounts of data from nuanced user interactions, paving the way for data-driven insights and decision-making across various domains.

Managing Risks and Ensuring Responsible Usage

However, the benefits of Smart Computers are accompanied by inherent risks that necessitate careful management. Privacy concerns loom large, especially regarding the accidental exposure of sensitive information. For instance, models like ChatGPT learn from user interactions, raising the possibility of unintentional disclosure of confidential details. Organisations relying on external model providers, such as Samsung, have responded to these concerns by implementing usage limitations to protect sensitive business information. Privacy and data exposure concerns are further accentuated by default practices, like ChatGPT saving chat history for model training, prompting the need for organizations to thoroughly inquire about data usage, storage, and training processes to safeguard against data leaks.

Addressing Security Challenges

Security concerns encompass malicious usage, where cybercriminals exploit Smart Computers for harmful purposes, potentially evading security measures. The compromise or contamination of training data introduces the risk of biased or manipulated model outputs, posing significant threats to the integrity of AI-generated content. Additionally, the resource-intensive nature of Smart Computers makes them prime targets for Distributed Denial of Service (DDoS) attacks. Organisations must implement proper input validation strategies, selectively restricting characters and words to mitigate potential attacks. API rate controls are essential to prevent overload and potential denial of service, promoting responsible usage by limiting the number of API calls for free memberships.

A Balanced Approach for a Secure Future

To navigate these challenges and anticipate future risks, organisations must adopt a multifaceted approach. Implementing advanced threat detection systems and conducting regular vulnerability assessments of the entire technology stack are essential. Furthermore, active community engagement in industry forums facilitates staying informed about emerging threats and sharing valuable insights with peers, fostering a collaborative approach to security.

All in all, while Smart Computers bring unprecedented opportunities, the careful consideration of risks and the adoption of robust security measures are essential for ensuring a responsible and secure future in the era of these groundbreaking technologies.





Read more »
Digital Security
Chief Information Security Office CISO CISO role Cyber Defence Cyber Privacy Cyber Security Digital Security

Why T-POT Honeypot is the Premier Choice for Organizations

 

In the realm of cybersecurity, the selection of the right tools is crucial. T-POT honeypot distinguishes itself as a premier choice for various reasons. Its multifaceted nature, which encompasses over 20 different honeypots, offers a comprehensive security solution unmatched by other tools. This diversity is pivotal for organizations, as it allows them to simulate a wide range of network services and applications, attracting and capturing a broad spectrum of cyber attacks. 
 
Moreover, the integration with the custom code developed by the Cyber Security and Privacy Foundation is a game-changer. This unique feature enables T-POT to send collected malware samples to the Foundation's threat intel servers for in-depth analysis. The results of this analysis are displayed on an intuitive dashboard, providing organizations with critical insights into the nature and behaviour of the threats they face. This capability not only enhances the honeypot's effectiveness but also provides organizations with actionable intelligence to improve their defence strategies. 
 
The ability of T-POT to provide real-time, actionable insights is invaluable in today’s cybersecurity landscape. It helps organizations stay one step ahead of cybercriminals by offering a clear understanding of emerging threats and attack patterns. This information is crucial for developing robust security strategies and for training cybersecurity personnel in recognizing and responding to real-world threats. 
 
In essence, T-POT stands out not only as a tool for deception but also as a platform for learning and improving an organization’s overall cybersecurity posture. Its versatility, combined with the advanced analysis capabilities provided by the integration with the Cyber Security and Privacy Foundation's code, makes it an indispensable tool for any organization serious about its digital security. The honeypot api analyses malware samples and the result of the honeypot can be seen on the backend dashboard. 
 
Written by: Founder, cyber security and privacy foundation.
Read more »
Unauthorized access
Artificial Intelligence Chat GPT Cyber Privacy GDPR HIPAA OpenAI PII Privacy Unauthorized access

Safeguarding Your Work: What Not to Share with ChatGPT

 

ChatGPT, a popular AI language model developed by OpenAI, has gained widespread usage in various industries for its conversational capabilities. However, it is essential for users to be cautious about the information they share with AI models like ChatGPT, particularly when using it for work-related purposes. This article explores the potential risks and considerations for users when sharing sensitive or confidential information with ChatGPT in professional settings.
Potential Risks and Concerns:
  1. Data Privacy and Security: When sharing information with ChatGPT, there is a risk that sensitive data could be compromised or accessed by unauthorized individuals. While OpenAI takes measures to secure user data, it is important to be mindful of the potential vulnerabilities that exist.
  2. Confidentiality Breach: ChatGPT is an AI model trained on a vast amount of data, and there is a possibility that it may generate responses that unintentionally disclose sensitive or confidential information. This can pose a significant risk, especially when discussing proprietary information, trade secrets, or confidential client data.
  3. Compliance and Legal Considerations: Different industries and jurisdictions have specific regulations regarding data privacy and protection. Sharing certain types of information with ChatGPT may potentially violate these regulations, leading to legal and compliance issues.

Best Practices for Using ChatGPT in a Work Environment:

  1. Avoid Sharing Proprietary Information: Refrain from discussing or sharing trade secrets, confidential business strategies, or proprietary data with ChatGPT. It is important to maintain a clear boundary between sensitive company information and AI models.
  2. Protect Personal Identifiable Information (PII): Be cautious when sharing personal information, such as social security numbers, addresses, or financial details, as these can be targeted by malicious actors or result in privacy breaches.
  3. Verify the Purpose and Security of Conversations: If using a third-party platform or integration to access ChatGPT, ensure that the platform has adequate security measures in place. Verify that the conversations and data shared are stored securely and are not accessible to unauthorized parties.
  4. Be Mindful of Compliance Requirements: Understand and adhere to industry-specific regulations and compliance standards, such as GDPR or HIPAA, when sharing any data through ChatGPT. Stay informed about any updates or guidelines regarding the use of AI models in your particular industry.
While ChatGPT and similar AI language models offer valuable assistance, it is crucial to exercise caution and prudence when using them in professional settings. Users must prioritize data privacy, security, and compliance by refraining from sharing sensitive or confidential information that could potentially compromise their organizations. By adopting best practices and maintaining awareness of the risks involved, users can harness the benefits of AI models like ChatGPT while safeguarding their valuable information.
Read more »
Technology
Cyber Privacy Cyberattacks CyberCrime Encryption Password Privacy Software Technology

Tech Issues Persist at Minneapolis Public Schools

 


Students and staff from Minneapolis Public Schools returned to their school buildings this week. However, the ongoing issues resulting from a cyberattack that occurred in the district caused disruptions to continue for the remainder of the week. 

There was an update to the district's attendance and grades system on Tuesday, and the system was working without a hitch. There are still some teachers who have difficulty logging into the programs, said Greta Callahan, the teacher chapter president of the Minneapolis Federation of Teachers. It was decided to cancel Monday's after-school activities because there was a problem that needed to be addressed. 

There have been a few email updates from district officials to parents regarding the "technical difficulties" that have occurred due to an "encryption event", but they have not explained what caused them to have these difficulties. So far, some of the district's information systems have been unavailable for a week as a result of these problems. 

The description of an "encryption event" may seem vague, but a ransomware attack could be what was happening, according to Matthew Wolfe, vice president of cybersecurity operations at Impero Software, a company that provides education software among other things. 

School districts have become more and more targeted in recent years as a result of terrorist attacks. As a result of the rapid transition to distance learning at the beginning of the pandemic, Wolfe believes districts became easier targets for the aforementioned disease. 

"With the increase in the number of devices, more areas are likely to be affected," Mr. Alexander explained, adding that because of the push to make e-learning accessible to all students at home, protection is often pushed to the back burner. 

The recent spate of cyberattacks has made headlines repeatedly in recent months: A cyberattack in January forced schools in the Des Moines area to cancel classes. Los Angeles Unified, the country's second-largest school district, has been attacked by ransomware, reportedly from Vice Society, in the wake of the alleged attack. The dark web has been crawled by about 2,000 students following that incident, with their psychological examinations being uploaded. 

There had not been any update from the Minneapolis district by the end of the school day Tuesday about what caused the incident and its cause. At a closed meeting held Tuesday night, a presentation on security issues related to IT would be made to the school board members. 

The Minneapolis district has released an update on its investigation into whether personal information was compromised, and it has found no evidence of this. 

However, the staff was tasked with resetting the passwords and guiding students through the procedure. 

On Monday, as a result of teacher frustration, Callahan reported that teachers were having difficulties resetting student passwords. As a result, teachers had to come up with creative ways to come up with a wide variety of workshops and activities for the students since printers were also down. 

There is a need for more transparency in the district's administration, according to Callahan. There does not seem to be anything else involved in this process other than just hoping everything works out by Monday. 

Parents have repeatedly been informed that district officials have worked with external IT specialists and school IT personnel "around the clock" to investigate the root cause of this attack and to understand what is transpiring on the computer systems as a result of it. 

When a cyberattack occurs at any time of day or night, school IT professionals are unavoidably overwhelmed and try to protect their schools constantly. "They're going through a really tough time right now for a district and it's going to be a long process," he said. 

Despite recent events that indicate Minneapolis schools may have been targeted, Wolfe said he believes it's likely that the schools have been targeted because of a 2020 incident that nearly caused the school district to incur a $50,000 loss. It is cyber fraud that occurs when payments are made to a fraudulent account to defraud a legitimate contractor. 

Minneapolis Public Schools said in a statement that the money had been safely returned to the district. They added that additional protocols had been implemented as a result. 

That incident was covered in a Fox 9 report that was published in February. In his testimony, Wolfe stated that a hacker engaged in a targeted attack is looking for vulnerabilities in a potential target. 

Several stories have been reported in the news about staffing shortages in Minneapolis. These include the district's financial outlook, as well as the absence of a permanent superintendent in the district, Wolfe said. As Wolfe pointed out, even the fact that the district is preparing to launch a new website to the public may garner hacker interest. 

"There is no doubt that this is an easy target to steal from because of all those digital footprints," Wolfe told.   
Read more »
Subscribe to: Posts (Atom)