At a glance.
- Class dismissed in Minnesota.
- Sextortion assistance companies prey on victims.
- For spyware targets, QuaDream is anything but sweet.
Class dismissed in Minnesota.
Rochester Public Schools, a K-12 school district located in the US state of Minnesota, has disclosed that it experienced a “cyber event” that forced administrators to cancel classes on Monday. The irregular activity was first detected on Thursday, April 6, and in response the district immediately took the network offline. Staff, parents, and the rest of the school community were notified on Friday, and on Saturday the superintendent released a statement asking students not to report for classes on Monday. On Monday the district confirmed that an intruder had gained access to some school district data. The school’s announcement read, “Please know, as of now, we have no evidence that any data associated with this event has been used for financial fraud or identity theft.” Students were set to return to classes yesterday as staff work to restore the district’s networks and experts investigate the nature and scope of the breach. Doug Levin, national director of the K12 Security Information eXchange, a national nonprofit that helps schools protect against cybersecurity threats, told KARE 11, “It's absolutely the case that it can take days or even weeks to determine actually what happened and what may be at risk.” Levin also noted the rise in ransomware attacks targeting schools, which are seen as valuable targets given the copious amounts of sensitive information they handle, often without the resources for adequate cybersecurity. This is not the first cyberattack impacting a school in Minnesota in recent days, as Minneapolis Public Schools experienced what appears to be a ransomware attack several weeks ago that resulted in "certain data" being published on the dark web.
Dror Liwer, co-founder of cybersecurity company Coro, wrote to report that they've seen attacks against schools increase dramatically. “We have seen a triple digit year-over-year increase in attacks against educational institutions at all levels. Student, staff and donor data is extremely valuable to attackers who either use it for fraud purposes or hold it for ransom,” Liwer said. “Most education institutions do not have the budgets or staff to contend with the quickly evolving threat landscape. We believe the emergence of unified, AI-powered cybersecurity platforms are the only solution that can alleviate the unique issues schools face.”
Sextortion assistance companies prey on victims.
Last December the US Federal Bureau of Investigation (FBI) warned that they were seeing a rise in sextortion cases, with seven thousand cases of online financial sextortion of minors. Now, Help Net Security reports, the FBI is warning that sextortion victims are being exploited by the very companies that are supposed to be helping them. “Sextortion assistance” services companies are cropping up, convincing victims to part with large sums of money to pay for supposed assistance. The FBI explains, “Some of the services for which the companies charge fees, such as sending the perpetrators cease and desist orders, make victims feel better but are not legally enforceable.” Some of these fraudsters use scare tactics to coerce victims into signing contracts with them. It’s unclear whether these companies are actually legitimate firms or merely fronts for scam operations. “Limited reporting indicates the companies are directly or indirectly involved in the sextortion activity,” the FBI stated. The alert notes that instead of falling prey to these companies, victims should contact law enforcement and seek assistance from non-profit organizations and law firms that can provide their services free of charge.
For spyware targets, QuaDream is anything but sweet.
TechCrunch reports that hackers used surveillance software produced by Israeli spyware maker QuaDream to hack the phones of at least five victims that include journalists, political opposition figures, and an NGO worker. Researchers at Microsoft and the digital rights group Citizen Lab yesterday released technical reports on samples of a QuaDream-created spyware that was distributed to the victims’ iPhones via malicious calendar invites, post-dated in order to avoid detection. Citizen Lab states, “QuaDream Ltd is an Israeli company that specialises in the development and sale of advanced digital offensive technology to government clients. The company is known for its spyware marketed under the name ‘Reign,’ which, like NSO Group’s Pegasus spyware, reportedly utilises zero-click exploits to hack into target devices.” Microsoft explains that the zero-day exploit used to hack the target devices was developed for iOS 14, and at the time of the attacks Apple was unaware of its existence. Apple released a patch for the vulnerability in March 2021, and spokesperson Scott Radcliffe said that there’s no evidence showing the exploit was used after that date. While the identities of the victims have been withheld in order to protect their privacy, Citizen Lab Senior Researcher Bill Marczak says the targets are all located in different countries. The Washington Post notes that QuaDream has customers in at least ten countries including Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates, and Uzbekistan. Although spyware makers have operated quietly for years, abuse of such hacking tools came to the forefront last year when QuaDream rivals NSO Group and Candiru came under scrutiny after their spyware products were found to be used to spy on hundreds of journalists, activists, and politicians across the globe. 
Amy Hogan-Burney, the general manager of Microsoft’s Cybersecurity Policy & Protection, told the Wall Street Journal, “The explosive growth of private ‘cyber mercenary’ companies poses a threat to democracy and human rights around the world.”