Michigan State University (MSU), located in East Lansing,
Michigan, is one of the premier institutions in the Midwest. It has a 5,300-acre
campus with 563 buildings, with nearly 20,000 acres throughout Michigan used
for agricultural and natural resources research and education. In Fall 2019,
there were 49,809 students. With such a large number of students, the amount of
data generated by the students and administrative staff is massive year after
year. This data, including the students’ confidential data, makes a
significant target for attackers, and it drew them to the
University’s servers and data.
Attack
Ransomware has been a nasty part of our environment for the
last few years. It is an effective attack tool due to its low operational overhead
and potentially large payoff. It simply takes the right person
in the right department clicking on the malware or link. Unfortunately for MSU,
the tool was used against the university successfully. The attackers were able
to breach the network, access the targeted data, and exfiltrate it. The
attackers have demanded that a ransom be paid within a week of the successful
attack; if the university does not pay, they will publish the stolen files.
Data
The university believes, but is not certain, that the breach
and subsequent intrusion were limited to one (1) isolated unit on the campus. While this
is a good thing, the breach itself is still an issue. The files included
student data, e.g. passport scans, and other private, confidential data, along with
university financial documents.
Attackers
The attackers apparently used Netwalker ransomware, sometimes referred
to as Mailto. The ransomware variant was coded to attack the
enterprise rather than individual user stations. With this ransomware
variant, once the clock runs down to zero, the data and the decryption key are
automatically published.
Mitigation
This is a rather significant issue. A prominent
university has been pwned, and its data is being held for ransom. After this was
detected, the IT Department took the affected systems and servers offline
to prevent further exposure. MSU’s IT Department notified law enforcement,
including the MSU Police Department and Michigan State Police, of the
successful attack and threats so the investigation could begin.
This latest successful attack is yet another clear indication
that we need more relevant cybersecurity training. Without it, these
attacks will continue to succeed and cause an abundance of harm to the organization,
staff, and other parties as collateral damage.