Search This Blog

Showing posts with label education sector. Show all posts

 Tennessee State University was Targeted by a Cyber Attack

 

Officials say a data security breach at a Tennessee community college might just have resulted in a sensitive data breach of previous and present students, instructors, and employees. 

In 2021, educational institutions are expected to experience a record number of ransomware attacks, with K-12 schools being the top targets. Productive one-device-per-student and learn-from-anywhere programs have increased the attack surface for numerous cyber risks while improving educational achievements. 

Ransomware is a type of destructive software created by coordinated cybercriminals, often known as "bad actors, "A hacker employs software, which is generally transmitted via phishing emails, to encrypt or prevent access to information systems and documents in a ransomware assault. The victim is told that the only option to regain access is to pay a ransom or a set amount of money.

Officials say a data security breach at a Tennessee community college might just have resulted in unauthorized private data of previous and present students, instructors, and employees being breached. The Tennessee Board of Regents said in a press release, “Pellissippi State Community College is issuing out notices regarding a ransomware attack aimed primarily at encrypting school data in order to extort a ransom payment.” According to the Knoxville college's website, Pellissippi State did not pay a ransom. 

According to the board, which governs the state's community colleges, the college's core database and online payment systems have not been infected, and no data from such networks was accessed by unauthorized individuals. Officials believe a data leak at a Tennessee community college may have exposed the personal information of former and current students, professors, and workers to the public. 

Schools have become increasingly subject to security concerns and potential assaults as a result of the buzz of new technology required to enable the move to remote learning as a reaction to the growing health issue. 

New applications, patching delays, and security measures falling short of mark have added complexity and risks to situations where security had previously been a last-minute consideration. These flaws constitute a serious risk if they are exploited. 

As per the experts, absolute research is significant because it evaluates how virtual learning disruption, particularly new technology adoption, has enabled new attack avenues for bad actors and hackers.

The GootLoader Hackers are After Law Firms and Accounting Firms

 

GootLoader is a piece of initial access malware that allows its operators to install a variety of other malware families, including ransomware, on affected devices. It was first discovered in December 2020. The GootLoader hacking organization has been primarily targeting personnel at law and accounting firms in recent weeks, with the most recent attack occurring on January 6. So far, eSentire claims to have intercepted three such assaults. Potential victims are directed to hacked genuine websites that include hundreds of pages of business-related content, including free document samples for download, but they are instead infected with GootLoader. 

GootLoader is distributed using Drive-By-Download programmes, which are driven by SEO, specifically through Google. The hackers are enticing business professionals to authentic but compromised websites that they have packed with hundreds of pages of content, including multiple connections to business agreements, including legal and financial agreements, in these recent attacks.
 
The content claims to provide free downloads of these documents. eSentire's Threat Response Unit (TRU) discovered that the GootLoader hackers set up over 100,000 malicious webpages marketing various forms of commercial deals during an intensive GootLoader campaign that began last December. 

How are the GootLoader threat actors able to infiltrate reputable websites with hundreds of pages of malicious content? 

Tragically, it is just too simple. Hundreds of legitimate websites employing WordPress as the content management system have been detected by the GootLoader gang. WordPress, like many other content management systems, has several vulnerabilities, which hackers may simply exploit to load websites with as many harmful pages as all without the knowledge of the website owner. These websites, according to the TRU team, encompass a wide spectrum of industries, including hotel, high-end retail, education, healthcare, music, and visual arts. 

"The abundance of content that threat actors have pushed onto the web, when professional looks for a sample business agreement on Google, the hackers' malicious web pages appear in the top Google searches," said Keegan Keplinger, TRU's research and reporting lead. 

Three law businesses and an accounting firm were targeted by the cybersecurity services provider, which said it intercepted and demolished the attacks and the victims' identities have not been revealed. Organizations should implement a vetting process for business agreement samples, train staff to open documents only from reputable sources, and confirm that the content downloaded matches the content intended for download.

Ransomware Attacks Targeting UK’s Education Sector Increased, says NCSC

 

According to the warning by GCHQ's cybersecurity arm, NCSC, there has been a substantial spike in the number of ransomware attacks targeting the education sector over the last month, just as schools were getting ready to resume in-person classes. 

Ransomware attacks on the UK education sector have been on the rise, according to a new report. This includes developments seen in August and September 2020, along with attacks that have occurred since February 2021. It also offers mitigation recommendations to help in the defense of this sector. 

According to the report, senior leaders must recognize the magnitude of the threat and the ability of the ransomware to cause serious harm to their organizations in terms of information exposure and access to important services. 

Ransomware encrypts servers and files, making it impossible for businesses to provide services. Cybercriminals are anticipating that the need for schools and colleges to provide instruction would lead to target organizations succumbing to extortion requests and paying a bitcoin ransom in return for the decryption key required to recover the network. More importantly, cybercriminals have begun to warn that if the ransom is not paid, they will disclose confidential data taken from the network during the attack. Many elevated cases have arisen in which cybercriminals have carried out their attacks by exposing confidential data to the public, mostly via the darknet's “name and shame” websites. 

"In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing," the agency said. 

Ransomware attacks can be crippling to businesses, taking a considerable period for victims to recover and restore vital services. These activities can also be high-profile in nature, gaining a lot of attention from the public and the media. 

There are many ways for ransomware attackers to gain entry to a victim's network. Remote Desktop Protocol (RDP) is one of the most commonly used protocols for remote desktop activities, according to the NCSC, allowing staff to access their office desktop computers or servers from a remote device over the internet. Ransomware attackers often use insecure RDP and virtual private networks (VPN) configurations to gain initial access to victims' computers. 

"This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted", says NCSC. 

To protect against malware and ransomware threats, the NCSC suggests that businesses must adopt a "defense in depth" technique. Having an effective plan for vulnerability management and deploying security fixes, protecting remote web services with multi-factor encryption, and installing and activating anti-virus programs are all cybersecurity guidelines for schools, colleges, and universities to secure their networks from ransomware attacks.