Universities have been targeted for well over a decade.
These institutions are the stewards of their students’ data and information.
Because this data is valuable to the people attacking the institutions, the
attacks tend to be rather frequent. Recently, York University, a university in
Canada, was successfully attacked.
Attack Timing
When you are planning an attack, you probably don’t want to
begin it while the cybersecurity staff is there, monitoring the systems, and
ready to address the attack as soon as it is detected. It would be much better
to wait until a full staff is not present to work on stopping the attack.
The attackers took a page from the standard attack
playbook and began their attack on Friday evening. At this point, the staff was
headed home for the weekend and not thinking about cybersecurity.
Attack
The attackers were focused on the areas holding
the data they were seeking to exfiltrate. The targets, in this case, were
the servers and workstations at the University.
Mitigation
While the attack was timed well, the staff was able to
detect it quickly. Without their work, the effects of the attack would have been
much worse. The staff was able to address it directly and limit how far the
attack succeeded. The primary method of resolving it was to shut down the
University’s computer systems, disconnecting them from the internet.
After the attack, they also contracted with external computer
forensic professionals. Their role was to fully research the attack. The attack,
per the University, was complex. Regardless, the research work will
take a fair amount of time to fully complete.
Over the weekend, the University was able to restore
Office 365, password change, on-campus student access to the internet, and the
University website.
The University also worked on restoring the VPN for HR and
Finance, central mail, and the remaining faculty websites.
The University is requiring everyone affiliated with the University to
reset their passwords. This is a direct result of the successful attack.
Additional Information?
At this stage, not much information has been provided.
The forensic examination requires the time needed to fully explore the
attack. As much as possible, every facet needs to be detailed and correct.
While this is the standard operating procedure, the
University has not provided much information regarding the attack. This
information should be released so that the industry can learn from it.
One aspect the students did not appreciate was the lack of
communication about the attack. The University did not communicate it to the
students. The students had to learn of it from statements posted online and
on social media. With an attack of this nature, in which their data was
potentially compromised by whoever carried out the attack, the students really
should have received an official communication.