At a glance.
- Schools in Regina, Saskatchewan, sustain ransomware attack.
- FBI warns universities that stolen credentials are being traded on the dark web.
Canadian school district hit with ransomware.
The Regina Public School District, located in Saskatchewan, Canada, has disclosed it suffered a cyberattack on May 22 that forced the district to shut down its online systems. A tweet posted by the school board reads, “When the school division noticed the suspicious activity on its systems, it took immediate action, suspending all affected systems and securing them to mitigate any impact to data and operations.” CBC News reports that the ransomware group BlackCat/ALPHV, aka DarkSide (which gained recent notoriety for shutting down the US’s Colonial Pipeline last year) has claimed responsibility for the attack. The hackers left a note stating they’d encrypted 500 gigabytes of files and are now in possession of copies of data including tax reports, health information, passports, and social insurance numbers.
The impact on school operations is hard to predict, but many online teaching tools have been shut down, and online grading systems are currently unavailable, which could make completing end-of-year reports a challenge. "It's a difficult time for staff and we just hope that they're able to get through this and preserve as much student work and conduct final assessments as efficiently as possible," said Patrick Maze, president of the Saskatchewan Teachers' Federation. Experts say the district now has the choice of paying whatever ransom the attackers have demanded (which will not guarantee safe return of the data), or restoring the entire network from backups, which could take weeks or even months to complete. CTV News notes that this is not the first major cyberattack the province has experienced recently, as the Health sector and the Saskatchewan Liquor and Gaming Authority were both targeted in the past two years.
Higher ed login credentials for sale in underground forums.
The US Federal Bureau of Investigation on Thursday issued an alert warning that college and university login credentials are being offered for sale on the dark web, Campus Technology reports. The notification reads, “As of January 2022, Russian cyber criminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified U.S.-based universities and colleges across the country, some of which included screenshots as proof of access.” The FBI says that in May of last year it found over 36,000 login credentials for email accounts ending in .edu publicly available on instant messaging platforms popular among cybercriminals.
The Record by Recorded Future notes that while in most cases the price of the credentials ranges from a few to multiple thousands of dollars, in some instances the hackers are simply requesting “donations” in exchange for access to the stolen data. The FBI warns that the trading of such credentials significantly increases the risk of brute force credential-stuffing attacks and could lead to identity theft. Ransomware expert Brett Callow told SC Media of the alert, “It's not at all surprising and highlights the importance of MFA.” Indeed, the FBI’s recommendations to institutions include the implementation of multi-factor authentication, as well as updating all software and operating systems, establishing user awareness training programs, using anomaly detection tools to identify unusual traffic increases or failed authentication attempts, and segmenting networks to help prevent the spread of malware.