Community College Ransomware Attack Wreaks Havoc
We don't yet know if the community college paid a ransom.
![College classroom College classroom](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt02aabc18e577b5ea/65244efc66aecd0a4c6cd8fc/College-Classroom.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: What sort of damage has occurred and could still occur from this attack?
Armis’ Nadir Izrael: So far, the biggest damage has been canceled online classes since the school’s network and telephone system have been shut down. They are still holding in-person classes and any in-person meetings, but anything virtual is currently canceled. Depending on how deep into the school’s network the hackers were able to get, they could have obtained extensive personal information on students ranging from home addresses to bank information, to Social Security numbers, all of which can lead to identity theft and irreparable damage to a person’s personally identifiable information (PII) and private identity.
CF: Could there have been safeguards in place to prevent this attack or minimize the impact of a successful attack? If so, what are those safeguards?
NI: These types of attacks are going to happen, so ensure you can detect and respond quickly. Organizations also need to invest in robust security measures such as network firewalls, complete asset visibility, and threat detection scanning. Organizations must be able to track behavior, identify threats, and immediately take action to protect the safety and security of their operations. We recommend that you shift your focus from simply the devices themselves that are on your network to the way these devices interact with your networks and other systems.
CF: Do we know if a ransom was paid in this attack? Should the college pay the ransom? If not, why?
NI: If there was a ransom, it is best for the school not to pay and work with federal authorities to regain access to their network. While ransom payments can seem like the quick-fix option, and in some cases organizations opt to pay as it is less costly than a shutdown, it often does not solve long-term problems. For example, if the hackers stole personal information on students, then, even after being paid, they could easily sell that information on the dark web.
CF: Are we likely to see similar attacks on schools? Are these attacks as critical as major attacks like Colonial Pipeline and JBS?
NI: As we have seen over the past few months, critical infrastructure hacks such as Colonial Pipeline and JBS are becoming more and more common. However, this lends itself to a larger trend we are starting to see in the security world, which is that bad actors ranging from script kiddies to criminal organizations are targeting the vulnerable devices in all industries and sectors, beyond just our critical infrastructure. I would not be surprised if we start to see similar attacks on other schools, especially later into the summer when the fall semester starts, as that is when personnel will be more distracted and an organization’s perimeter is easier to breach.
Researchers at Nordlocker are reporting that a nameless malware strain harvested 1.2 terabytes of private data from 3.25 million Windows-based computers; the haul was found in a cloud-hosted database.
The malware infiltrated the computers and stole the data between 2018 and 2020. The trojan was distributed by email and bundled with pirated software.
It stole nearly 26 million login credentials tied to 1.1 million unique email addresses, more than 2 billion cookies and 6.6 million files.
More than half of the stolen files were text files, according to Nordlocker. Much of that is probably software logs, but the collection also shows that some people keep passwords, personal notes and other sensitive information in Notepad files.
The malware stole more than 1 million images, including 696,000 .png and 224,000 .jpg files. The database also contains over 650,000 Word documents and .pdf files.
The analysis also revealed that the malware took a screenshot after infecting a computer and captured an image with the device's webcam.
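Because so much of the haul was plain text, the practical question for a defender is whether the same kind of material is sitting on their own endpoints. The Go program below is an added example written for this article, not code from Nordlocker or from the report: it walks a directory, scans text files for lines that look like stored credentials, and reports file, line and kind without echoing the secret itself. The regular expressions, the file extensions it inspects and the sample files it writes into a temporary directory are all constructed for illustration and should be tuned to a real environment.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Finding is one line in one file that looks like a stored secret.
type Finding struct {
	Path string
	Line int
	Kind string
}

// Hypothetical patterns for the kinds of secrets people paste into notes.
// They are deliberately broad; tune them to your environment.
var secretPatterns = []struct {
	Kind string
	Re   *regexp.Regexp
}{
	{"labelled password", regexp.MustCompile(`(?i)\b(pass(word|wd)?|pwd|pin)\b\s*[:=]\s*\S+`)},
	{"API key or token", regexp.MustCompile(`(?i)\b(api[_-]?key|token|secret)\b\s*[:=]\s*[A-Za-z0-9_\-]{16,}`)},
	{"AWS access key ID", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
}

// textExtensions are the file types the scan looks inside; the Nordlocker
// haul was dominated by plain text, so that is where the scan starts.
var textExtensions = map[string]bool{".txt": true, ".log": true, ".md": true, ".ini": true, ".cfg": true}

// ScanFile returns every line of path that matches one of secretPatterns.
// It records kind and location only, never the matched value, so the report
// does not become a credential dump of its own.
func ScanFile(path string) ([]Finding, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	var out []Finding
	sc := bufio.NewScanner(f)
	sc.Buffer(make([]byte, 0, 64*1024), 1024*1024) // tolerate long log lines
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		for _, p := range secretPatterns {
			if p.Re.MatchString(line) {
				out = append(out, Finding{Path: path, Line: n, Kind: p.Kind})
				break // one finding per line is enough
			}
		}
	}
	return out, sc.Err()
}

// ScanDir walks root and scans every regular file with a text extension.
func ScanDir(root string) ([]Finding, error) {
	var all []Finding
	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if info.IsDir() || !textExtensions[strings.ToLower(filepath.Ext(path))] {
			return nil
		}
		found, err := ScanFile(path)
		if err != nil {
			return err
		}
		all = append(all, found...)
		return nil
	})
	return all, err
}

// writeSample creates constructed example files (not real data) so the scan
// can be exercised offline. The AWS key ID is Amazon's documentation example.
func writeSample(dir string) error {
	files := map[string]string{
		"notes.txt":   "dentist tuesday 3pm\nbank login: alice\npassword: Summer2021!\n",
		"setup.log":   "2021-06-11 10:02:14 INFO service started\n2021-06-11 10:02:15 INFO listening on :8080\n",
		"deploy.ini":  "[aws]\naccess_key = AKIAIOSFODNN7EXAMPLE\napi_key = sk_live_0123456789abcdefXYZ\n",
		"holiday.jpg": "\xff\xd8\xff not text, skipped by extension\n",
	}
	for name, body := range files {
		if err := os.WriteFile(filepath.Join(dir, name), []byte(body), 0o600); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "notepad-scan")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := writeSample(dir); err != nil {
		panic(err)
	}
	findings, err := ScanDir(dir)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s:%d  %s\n", filepath.Base(f.Path), f.Line, f.Kind)
	}
}
```

Run against the sample directory it reports three hits (the password line in notes.txt and the two keys in deploy.ini) and stays silent on the log file and the image. Pointing it at a user's Desktop and Documents folders is a cheap way to find the Notepad password files an infostealer would collect first.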
Rajiv Pimplaskar is Veridium’s chief revenue officer.
“The abrupt shift to remote work due to COVID-19 during the past year also coincidentally corresponds to a 72% increase in ransomware attacks during the same time period,” he said. “This suggests that several home computers in use for work-from-home purposes may in fact have already been infected by malware for quite some time, but are now being increasingly triggered by bad actors as they carry interesting corporate data traffic. The Nordlocker report highlights how keyloggers and other disciplined malware attacks can be conducted across a large surface area over an extended period of time. These can successfully harvest copious amounts of sensitive data, including credential and biographic information, which can then be sold on the black market.”
This data can also be misused for social engineering and lateral movement to facilitate secondary attacks on progressively higher value targets such as financial accounts, Pimplaskar said.
“Unfortunately the weakest link in the security landscape is still the password,” he said. “Organizations and users need to accelerate their journey to passwordless authentication methods such as phone-as-a-token and/or FIDO2 security keys. These authenticators create an unphishable relationship with the user and eliminate the need for password-based credentials, thereby improving the organization’s resilience against such cyber attacks.”
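Pimplaskar's phrase "unphishable relationship" has a concrete mechanism behind it. In WebAuthn the browser records the page origin in clientDataJSON, the authenticator signs a hash of that JSON together with its authenticator data, and the relying party rejects any assertion whose origin, challenge or relying-party ID is not the one it issued. The Go program below is an added example written for this article, not Veridium's code or any FIDO2 library's; it models a security key in software with a P-256 key pair, simplifies authenticator data to the RP ID hash plus a flags byte, and uses the made-up domains bank.example and bank-login.example. It shows a genuine login succeeding while an assertion signed on a look-alike origin and a replay of a captured assertion are both rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is a simplified WebAuthn clientDataJSON. The browser, not the
// web page, fills in Origin; that is what binds the signature to the site.
type ClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is what the relying party receives for one login attempt.
type Assertion struct {
	AuthData       []byte // SHA-256(rpID) || flags; real authData also carries a counter
	ClientDataJSON []byte
	Signature      []byte // ECDSA P-256 over SHA-256(AuthData || SHA-256(ClientDataJSON))
}

// Authenticator is a hypothetical software stand-in for a FIDO2 security key
// holding one credential scoped to rpID.
type Authenticator struct {
	rpID string
	key  *ecdsa.PrivateKey
}

func NewAuthenticator(rpID string) (*Authenticator, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{rpID: rpID, key: key}, nil
}

func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.key.PublicKey }

// signedMessage reproduces the WebAuthn signature base.
func signedMessage(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// Assert models the browser asking the key to sign a login challenge while
// the user is on origin. The page itself cannot choose the origin string.
func (a *Authenticator) Assert(origin, challenge string) (*Assertion, error) {
	cd, _ := json.Marshal(ClientData{Type: "webauthn.get", Challenge: challenge, Origin: origin}) // cannot fail for this struct
	rpIDHash := sha256.Sum256([]byte(a.rpID))
	authData := append(rpIDHash[:], 0x01) // flags byte: user present
	sig, err := ecdsa.SignASN1(rand.Reader, a.key, signedMessage(authData, cd))
	if err != nil {
		return nil, err
	}
	return &Assertion{AuthData: authData, ClientDataJSON: cd, Signature: sig}, nil
}

// Verify is the relying-party side. Each check is a reason a phished or
// replayed assertion fails even though its signature is genuine.
func Verify(pub *ecdsa.PublicKey, rpID, expectedOrigin, expectedChallenge string, as *Assertion) error {
	var cd ClientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != expectedChallenge {
		return errors.New("wrong ceremony or challenge: stale or replayed assertion")
	}
	if cd.Origin != expectedOrigin {
		return fmt.Errorf("origin mismatch: signed on %q, expected %q", cd.Origin, expectedOrigin)
	}
	rpIDHash := sha256.Sum256([]byte(rpID))
	if len(as.AuthData) < 33 || string(as.AuthData[:32]) != string(rpIDHash[:]) {
		return errors.New("credential is scoped to a different relying party")
	}
	if !ecdsa.VerifyASN1(pub, signedMessage(as.AuthData, as.ClientDataJSON), as.Signature) {
		return errors.New("bad signature: clientDataJSON or authData was altered")
	}
	return nil
}

func main() {
	auth, err := NewAuthenticator("bank.example")
	if err != nil {
		panic(err)
	}
	pub := auth.PublicKey()
	good, _ := auth.Assert("https://bank.example", "n0nce-1")
	fmt.Println("genuine: ", Verify(pub, "bank.example", "https://bank.example", "n0nce-1", good))
	// User lured to a look-alike domain that relays the real challenge.
	phished, _ := auth.Assert("https://bank-login.example", "n0nce-1")
	fmt.Println("phished: ", Verify(pub, "bank.example", "https://bank.example", "n0nce-1", phished))
	// Captured genuine assertion replayed against a fresh challenge.
	fmt.Println("replayed:", Verify(pub, "bank.example", "https://bank.example", "n0nce-2", good))
}
```

A real browser would refuse to exercise a bank.example credential from bank-login.example at all; the relying-party checks shown here are the second line of defence and the reason a relayed assertion is useless to the attacker. Rewriting the origin field in clientDataJSON does not help either, because that JSON is covered by the signature, which is the property a password, typed into whatever page is in front of the user, can never have.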
Nearly one-third of Americans aren't sure when they last changed their passwords, or have never changed them at all. This is music to cybercriminals' ears.
PC Matic’s 2021 Password Habits and Hygiene Report surveyed 2,500 Americans about their password behaviors and tendencies. The survey also revealed lax corporate password policies, finding that nearly one-fifth of employers nationwide never require their employees to change their passwords.
More key findings include:
- Nearly 60% said they've never changed their home Wi-Fi password, or that it hasn't been changed since setup. That's up from 50% in 2020.
- Forty percent said they use the password lockout feature on both their work and home computers, up from 25% in 2020.
- Just shy of 45% of employers don't require their employees to use a VPN, compared with 46% in 2020.
- More than half of respondents admit to checking personal email accounts at work. That's unchanged from 2020 and remains a standing risk to corporate networks, since mail to a personal inbox never passes through the corporate mail gateway's filtering.
Rob Cheng is PC Matic’s CEO and founder.
“As employees transition from work-from-home to in-office work environments again, it is the perfect time to implement password policies and procedures that can keep employees and corporate networks safe,” he said. “[This report] aimed to understand the policies and procedures being implemented and abided by users across the nation, and provides further insight into how corporate IT professionals can protect networks from cybercriminals.”
KnowBe4 has launched new training content called Compliance Plus. It is aimed at senior management and at risk, compliance and HR executives struggling with employees' lack of engagement with compliance training.
Compliance Plus offers an interactive and engaging experience with real-life simulated scenarios to help teach employees how to respond in a challenging situation. The content addresses difficult topics like sexual harassment, diversity and inclusion, discrimination and business ethics.
Moreover, Compliance Plus includes various types of media formats and reinforcement materials to support compliance training programs.
Perry Carpenter is KnowBe4’s chief evangelist and strategy officer. He said Compliance Plus will be a “big win” for KnowBe4 partners.
“The simple truth is that every organization is subject to a wide range of compliance requirements,” he said. “That means that each organization also needs to provide their employees with training regarding the compliance requirement and what is expected of them. KnowBe4 steps in to help here in a few ways. We are already well-known for our super engaging content in the security awareness space. Compliance Plus extends that same engagement formula into the compliance space. So now HR teams and other divisions responsible for compliance can benefit from the same type of engaging content that security teams have been leveraging for years. And that also means that HR teams and security teams can jointly adopt KnowBe4’s platform as a core learning management system (LMS) for their organization.”
Adding Compliance Plus extends KnowBe4’s reach and influence into a naturally adjacent area, since security and compliance overlap, Carpenter said.
“However, the buying centers for security awareness content and compliance content are not the same,” he said. “This means that KnowBe4 and our partners now have a voice and audience with a new buying center. That extends our reach and, as we consistently show value in both of these areas, new growth opportunities will present themselves.”
There is also a natural competitive advantage in having “great content” in both awareness and compliance, Carpenter said.
An apparent community college ransomware attack this week wreaked havoc on the school’s network and telephone system, and disrupted classes.
The attack shows that while the Colonial Pipeline and JBS USA attacks grabbed the headlines in the past few weeks, lesser-known attacks are doing damage of their own.
Des Moines Area Community College (DMACC) canceled all classes for four days after malicious hackers forced it to shut down parts of the school’s network and telephone system. We don’t yet know if DMACC has paid a ransom.
DMACC had to post updates on Facebook, Twitter and a bare-bones version of its site. It also asked faculty, staff and students to avoid using Microsoft Office 365, as well as online learning platform Blackboard.
Online Classes Still Canceled
On Friday, DMACC resumed in-person classes; however, it hasn’t resumed online classes due to continuing network limitations.
In addition, it asked faculty and staff not to sign on to any computer while at any DMACC location.
DMACC said it continues to make progress toward restoring its network and “bringing us all back online together.”
To find out more about this community college ransomware attack and why bad actors are targeting schools, we spoke with Nadir Izrael, Armis’ CTO. He said the school is still trying to figure out how deeply the hackers got into its network. They’re also trying to determine if the hackers stole any personal information.
Channel Futures: What do we know about how this attack occurred? Were the threat actors successful in their attack?
Nadir Izrael: The hackers were successful in their attack, as the security incident forced the school to shut down parts of its network and telephone systems, resulting in online classes being canceled for four days and counting. The attack appears to be ransomware, but we’re still waiting on confirmation.