Tag Archive for: education

Ransomware is targeting US healthcare and education

/in




The USA is now seeing more ransomware attacks than the next 22 most-affected countries combined, according to a new report that expects the number of incidents to rise sharply.

Security research firm Malwarebytes has previously reported on the different approaches bad actors take to users of Macs compared to PCs. Now in its latest annual report, the writers say there were 1,462 reported ransomware attacks in the US alone.

“Over the last 12 months, education and healthcare were the most beleaguered sectors in the US outside of services,” says Malwarebytes in its report. “They received so many attacks that if they were countries, they would be the fourth and sixth most attacked in the world, on either side of Germany.”

The broad category of Services attracted 26% of all US ransomware attacks. Financial services was the lowest-specified category, being the target of 2% of US ransomware attacks in the year to July 2023.

“While the number of active groups in the US has increased over the last year,” continues the report, “the escalation in the number of monthly attacks appears to be the result of existing ransomware groups being more active.”

Malwarebytes further claims that there is evidence ransomware is growing, and specifically that it is increasing the use of ransomware-as-a-service (RaaS). An up-and-coming group, CL0P, is making waves with its ascension using RaaS, overtaking large groups like LockBit some months.

RaaS can be spread by various methods, but reportedly the most common one is that it is sent out by email.

“In March, CL0P used a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool to break into numerous victims’ networks, chalking up 48 known attacks-almost double LockBit’s total,” said Malwarebytes. “In late May, after two quiet months, CL0P returned, abusing a zero-day in Progress Software’s file transfer tool MOVEit Transfer to compromise an even larger number of victims, again vastly exceeding LockBit’s output that month.”

Top ten most ransomware attacked countries in the last year (Source: Malwarebytes)

“[However, from] CL0P’s perspective the campaign has achieved…

Source…

Nuclear Security Education: IAEA Partners with Universities and Research Institutions

/in


Aligning the available teaching materials on nuclear security with the latest IAEA guidance is an important stepping stone in the path to excellence in nuclear security education. This objective is among the key areas of work of the International Nuclear Security Education Network (INSEN), a partnership mechanism that facilitates the collaboration of the IAEA with educational and research institutions.

“Education and training in the area of nuclear security is an essential component of the IAEA’s nuclear security programme,” said Elena Buglova, Director of the IAEA Division of Nuclear Security, during the INSEN Annual meeting convened in Vienna in July. “By sharing experiences and good practices, INSEN members can further enhance their capacities in order to effectively contribute to strengthening nuclear security regimes through a sustainable nuclear security education.” 

Established in 2010, INSEN has 204 members and 13 observers from 72 countries. Their work includes the development of peer-reviewed teaching materials; faculty development in different areas of nuclear security; joint research activities; student exchange programmes; academic theses supervision and evaluation; knowledge management; promotion of nuclear security education; and other related activities.

During their recent annual meeting, 94 participants representing 45 INSEN member countries came together to review the implementation progress of the Network’s Action Plan to identify and evaluate the activities for the coming year.

The exchanges also covered topics such as the role of research in enhancing nuclear security, international collaboration, capacity building as well as gender equality.

“INSEN utilizes feedback received from its members and other international experts through meetings, personal communication, and surveys to understand the evolving nature of nuclear security, and assess the effectiveness of nuclear security education,” said Alpana Goel, Director of Amity Institute of Nuclear Science and Technology from India and Chair of INSEN.

The revision of existing nuclear security teaching materials according to the IAEA publication “Model Academic Curriculum in Nuclear…

Source…

US Gov Rolls Out National Cyber Workforce, Education Strategy

/in


The Biden administration on Monday rolled out its first-ever National Cyber Workforce and Education Strategy (NCWES), announcing a series of “generational investments” to  address immediate and long-term cyber workforce needs. 

The new strategy seeks to transform cyber education in K-12 schools, community colleges and technical schools, invest in teachers and cyber education systems and make training more accessible and affordable. 

“Filling the hundreds of thousands of cyber job vacancies across our nation is a national security imperative,” according to a strategy document that highlights multiple public-private sector spending initiatives. “[The strategy] is positioned to empower every American seeking to participate in our digital ecosystem and underscores the critical need to fill a vast number of vacant cyber jobs.”

“Many communities currently underrepresented in the cyber workforce do not envision  themselves in cyber jobs or are not aware of the tremendous opportunity to join this important  and growing workforce. The strategy focuses on empowering Americans to pursue these career  paths in cyber. Many of these jobs are attainable with a certificate or community college degree,  and available now in your local community and across the country,” it added.

“[The national strategy] envisions a skills-based digital future where workers have access to good-paying, middle-class cyber jobs within their communities. In addition, educators are enabled to continuously upskill the public, and  employers can expand and diversify their workforce,” the administration said.

The strategy rollout follows the nomination of former NSA and CIA official Harry Coker to replace the retired Chris Inglis as National Cyber Director.

The Biden administration has also released a National Cyber Strategy that approves mandatory regulations on critical infrastructure vendors and green-lights a more aggressive ‘hack-back’ approach to dealing with foreign adversaries.

Advertisement. Scroll to continue reading.

Related: Harry Coker Tapped for National Cyber Director Job

Related: US Cyber Strategy Pushes Regulation, Aggressive Hack-Back

Related:

Source…

Alarming rise in ransomware attacks on education: Sophos

/in


Leading cybersecurity firm Sophos has shed light on the alarming increase in ransomware attacks targeting the education sector.
Sophos report on recovery cost in educationThe report titled The State of Ransomware in Education 2023, based on a survey of 400 IT / cybersecurity professionals across 14 countries, unveils the real-world experiences of educational institutions in the face of cyber threats.

Spike in Attacks and Data Encryption

The survey findings revealed a stark rise in ransomware attacks on educational institutions. The education sector reported the highest rates of ransomware attacks among all industries surveyed. An alarming 80 percent of lower education providers and 79 percent of higher education providers reported falling victim to ransomware attacks in 2023. This represents a significant surge from the previous year, with rates more than doubling since 2021, when only 44 percent of education providers faced such attacks.

Additionally, data encryption in the education sector has seen a steady increase. Lower education providers reported an 81 percent rate of data encryption, while higher education institutions reported a rate of 73 percent, remaining consistent with the previous year.

“Double Dip” Method and Data Recovery

One worrying trend is the increasing prevalence of the “double dip” method, where cybercriminals not only encrypt the data but also steal it for potential data exfiltration. Of the lower education organizations that experienced data encryption, 27 percent reported that their data was also stolen. In higher education, this figure rose to 35 percent, indicating a growing adoption of this malicious tactic.
Sophos report on ransomware in education sector 2023The ability to recover encrypted data is crucial for organizations facing ransomware attacks. Fortunately, all higher education institutions and 99 percent of lower education organizations were successful in recovering their data. Notably, the recovery rate for the education sector surpasses the cross-sector average, indicating a degree of resilience in the face of such threats.

Root Causes of Attacks

The report also identified the root causes behind the ransomware attacks. For lower education, compromised credentials (36 percent) and exploited…

Source…