At a glance.
- Update on MOVEit-linked Michigan State University data breach.
- Report shows education is most targeted sector by ransomware operations.
Update on MOVEit-linked Michigan State University data breach.
As we noted yesterday, US college Michigan State University (MSU) disclosed it was impacted by the breaches of National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA) as a result of the mass-hack targeting the MOVEit file transfer application. State News spoke with Rick Wash, a professor in MSU’s media and information department, who says it’s unclear just what data was exposed, or whether the ransomware group behind the hack, known as Cl0p, will make good on their threats and release the info to the public. “It’s not great for us, but it’s not as bad as it would be if they were specifically doling out the bad pieces of data and selling it,” said Wash.
MSU spokesperson Dan Olsen told WKAR Public Media that it’s still unclear how many members of the MSU community were affected by the breach. "Both organizations have assured us that they would reach out to impacted individuals to share information that may have been exposed, as well as provide additional support and resources for them," he stated. As Bank Info Security reports, German cybersecurity firm KonBriefing says the total number of organizations impacted by the MOVEit attacks has reached 455 as of yesterday. Along with MSU, Cognisight, Pacific Premier Bank, Northwestern Mutual, and the Brighthouse and TransAmerica life insurance companies are among the recently disclosed victims. After analyzing the figures released by impacted organizations, security firm Emisisoft says at least 23 million individuals' personal details have been stolen by the attackers. However, only about 20% of the targeted organizations have released victim numbers, so it’s likely the full tally is even larger. It’s estimated that Cl0p currently stands to make approximately $75-$100 million from ransom payments.
Report shows education is most targeted sector by ransomware operations.
Security vendor Sophos has just released the “The State of Ransomware in Education 2023,” and it shows that the education sector was the industry hardest hit by ransomware attacks last year. According to the survey of four hundred IT/cybersecurity professionals working in education across fourteen countries, 80% of lower educational organizations and 79% of higher educational organizations reported being hit by ransomware. GlobeNewswire News notes that this represents an increase from 64% and 56% in 2021. When it comes to methods of attack, exploits and compromised credentials accounted for 77% of ransomware attacks in higher ed and 65% in lower ed.
Sophos field CTO Chester Wisniewski explained, “Abuse of stolen credentials is common across sectors for ransomware criminals, but the lack of adoption of multifactor authentication (MFA) technology in the education sector makes them even more at risk of this method of compromise. Like the U.S. federal government’s initiative to mandate all agencies use MFA, it is time for schools of all sizes to employ MFA for faculty, staff and students. It sets a good example and is a simple way to avoid many of these attacks from getting in the door.” The sector also reported one of the highest rates of paid ransoms, with 56% of higher education providers and 47% of lower educational organizations paying. Meeting ransom demands, unfortunately, seems to have paid off, as recovery costs (excluding any ransoms paid) for higher educational organizations that paid the ransom were $1.31 million when paying the ransom versus $980,000 when resorting to backups. InfoSecurity Magazine notes that while educational institutions are not typically cash-rich, they are attractive targets because the pressure to avoid canceling classes is likely to compel schools to pay up. Wisniewski explains, “The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible without regard for cost. Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals.”