Tag Archive for: colleges

Nearly 900 colleges hit by MOVEit hack on National Student Clearinghouse

/in


The National Student Clearinghouse disclosed that nearly 900 colleges and universities have been impacted by the MOVEit hack.

The non-profit organization, which delivers reporting, verification and research services to higher education institutions across North America, informed the state of Maine’s attorney general in late August that more than 51,000 individuals are affected by this most recent incident.

Emsisoft, which has been keeping track of the organizations that were directly and indirectly impacted by the MOVEit hack, reported that the total number of victims from all the hacks reached 2,053 on Sept. 22. The total number of impacted individuals exceeds 57 million.  

Progress Software, makers of the MOVEit software, disclosed there was a critical zero-day vulnerability in the application that allowed unauthorized third parties to access its customers’ MOVEit environments back on May 31.

In an alert about this most recent incident, the National Student Clearinghouse said that the unauthorized party obtained certain files within the Clearinghouse’s MOVEit environment that may have included information from the student record database on current or former students. The Clearinghouse said it has no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications.

The Clearinghouse has contracted with a third-party cybersecurity firm to conduct an investigation and has contacted law enforcement. It said the attack only involves its MOVEit file transfer application.

As cyber teams continue to address this spate of attacks, the news should serve as a wakeup call to every organization that security teams must remediate this serious zero-day vulnerability immediately, said Darren Guccione, co-founder and CEO at Keeper Security. However, Guccione said as any organization grows and becomes a more appealing target, the quality and focus of these attacks will increase accordingly.

“All organizations should take a proactive approach to regularly update software and immediately patch vulnerabilities that are being actively exploited in the wild,” said Guccione. “Organizations…

Source…

Hack disrupts Southern Arkansas University communications | Colleges & Universities

/in


Southern Arkansas University is recovering from an attack against its computer servers.

A statement said SAU is responding to a security incident that disrupted access to university systems and applications.

“While access to some systems remain offline, access to faculty, staff, and student email and the Blackboard learning management system are operational.

“SAU is working with independent forensic specialists to investigate the situation and will take all appropriate actions in response to its findings,” the statement said.

“We have notified law enforcement and will continue to actively monitor our networks and take appropriate actions to protect our systems in line with our incident response protocols,” the statement said.

Source…

Ransomware threat against colleges grows, survey finds

/in


This audio is auto-generated. Please let us know if you have feedback.

Dive Brief: 

  • Ransomware attacks targeted the education sector more than any other industry in the last year, with 79% of surveyed higher education institutions across the world reporting being hit, according to an annual report from Sophos, a U.K.-based cybersecurity firm. 
  • Of the higher ed institutions that reported ransomware attacks, 59% said it resulted in them losing “a lot of” business and revenue. Around one-fourth, 28%, reported smaller losses. 
  • Hackers exploited system vulnerabilities in 4 in 10 higher education ransomware attacks, making them the sector’s most common root issue. Compromised credentials caused another 37% of attacks, while malicious emails led to 12% of reported incidents. 

Dive Insight: 

Sophos’ latest survey suggests that ransomware is increasingly targeting colleges and universities. In 2022’s report, only 64% of higher education institutions said they had been hit by ransomware in the past year — 15 percentage points lower than the share who reported incidents in the latest survey.

In some cases, hackers are ramping up their efforts to get colleges to pay for the return of their data. 

Knox College, a private liberal arts institution in Illinois, made headlines late last year when a hacker group broke into its computer system and accessed student data. The group that took credit for the breach, known as Hive, emailed students saying they had retrieved “personal information, medical records, psychological assessments, and many other sensitive data,” and threatened to sell their social security numbers. 

The attack spurred multiple lawsuits from students, who allege that Knox failed to follow the latest security practices to shield sensitive data. 

“Sophos’ latest report is a clarion reminder that ransomware remains a major threat, both in scope and scale,” said Megan Stifel, chief strategy officer at the Institute for Security and…

Source…

UGC asks colleges to boost cybersecurity

/in


With online education becoming a new normal, India’s apex higher education regulator University Grants Commission (UGC) has asked colleges, institutions and universities to strengthen the cybersecurity mechanism and put in place a cybersecurity ecosystem.

This comes as India battles a surge in cybersecurity incidents post the pandemic as several services, including education, have shifted online.

Education is a key target for cyber frauds as it deals with a huge amount of data on demographic and professional records of students, staff and allied education sector. It is also a big user of online financial transactions, becoming an easy target for cybercriminals.

The education regulator has also asked higher educational institutions, numbering over 50,000, to be on the guard and report cybersecurity incidents.

UGC, in a letter to institutions, told them its effort is to draw their attention and action “to strengthen cybersecurity and to tackle the unforeseen challenges of cybercrime and develop an ecosystem for cyber security in HEIs (higher education institutions)”. Mint has seen a copy of the letter.

The education regulator said institutions must sensitize staff and students to the Indian Cyber Crime Coordination Centre and initiatives take by the home ministry to prevent cybercrimes.

The regulator’s directive may work as a template for the overall education sector at a time usage and integration of technology in education is going to increase and the education ministry itself is speaking about the value of technology in education to increase access and better use of resources.

Cybersecurity incidents have been rising of late. Barracuda Networks, a cybersecurity firm, found more than 1,000 spear-phishing attacks targeting educational institutions in India between July and September 2020, Mint reported in November. The lack of awareness, tight budgets and limited resources make institutions and schools easy targets for cyberattacks and “unfortunately, make attacks more effective”, Murali Urs, country manager, India, of Barracuda Networks, said at the time.

A government official,…

Source…