Eduvation Blog

Cyber Cat and Mouse in the Matrix

Good morning!

For the past year, most of our academic and professional lives, if not also our social and family lives, have existed solely in virtual form. In a very real sense, your institution’s website, servers, and data systems have become the entire institution. Many of us haven’t stepped foot on a physical campus since March. We’re living in the matrix (without the hi-rez VR).

As millions of students, staff and faculty have worked from home, accessed virtual classrooms and libraries, virtual private networks and databases, networks have been under unprecedented demand for bandwidth, and our institutions have become vulnerable like never before to cyberattacks, from Zoombombing to ransomware…

 

Buffering…

System Overload

For months I’ve been struck by the fact that virtually every single day, 2 or 3 CdnPSE Twitter accounts have been posting warnings or apologies that one system or another has gone offline. Sometimes it’s been the LMS, lecture capture, or accounting systems. Often it has been the course registration system, crashing on the first day as every student races to get their preferred prof or timeslot. For learners studying online, system outages are the equivalent of arriving at campus to find the gates chained shut.

 

The Digital Divide

Last year we heard about the significant challenges faced by students in rural and remote areas, where the “digital divide” effectively left them out of synchronous class activities or even the ability to watch recorded lectures. The FCC reported that 21M Americans don’t have access to quality broadband internet (although some estimates suggest the number is actually double that). Reliable internet is unavailable to 14% of Canadians, 59% of rural Canadians, and 72% on First Nations reserves. In early November, Justin Trudeau announced a $1.75B “Universal Broadband Fund” to deliver high-speed internet to rural and remote Canadians, and a $600M contract with Telesat to provide broadband via satellite. The aim is to connect 98% of the country by 2026.

“Broadband is absolutely essential in the ability of people to be able to participate in society, in democracy, and in the economy. We have a digital divide that we’ve talked about for years, but the threat of this crisis is that it becomes a digital chasm.”
Jon Sallet, Senior Fellow, Benton Institute for Broadband & Society

 

Widespread Outages

Earlier this month, millions of Ontarians got a taste of the problem for hours, as a “massive outage” hit multiple internet service providers from Windsor to Ottawa. Rogers, Cogeco, and Bell internet went down for hours on Tuesday Jan 5, and again on Friday Jan 8, from 10am through early afternoon. School boards in Kingston, Windsor, Halton and Ottawa all issued social media notices, and asked for patience.

 

Remote Risks

With billions of people working and studying from home during the pandemic, the opportunities for hackers and cybercriminals are irresistible…

 

Cyber Risks of WFH

Microsoft’s cloud services saw a 775% increase in use when lockdowns went into effect last year. Brock U digital media prof Aaron Mauro explains that “the person at the screen or keyboard is always the weakest point in any technical system.” Criminals will use “social engineering” through phishing emails or messages to trick us into divulging sensitive information. Key rules of thumb include confirming email addresses and URLs, using file sharing sites rather than attachments, and maintaining consistent offline backups. He also describes increasing cyberattacks against municipalities, hospitals, airports and more. We can expect more “zero trust architecture” and “multi-factor authentication” to mitigate the risks.  The Conversation

 

Securing Hybrid Employees

In an era of “hybrid work” and “hyperdistributed enterprise applications,” it is particularly challenging to maintain open, productive networked environments while also maintaining security. The World Economic Forum reports that 71% of security professionals report an increase in cyberthreats under COVID19. 78% of employees inadvertently put data at risk, 57% by saving passwords in browsers, which 21% allow other members of their household to use. Check Point Software suggests there are parallels between the biological and cyber pandemics, but that cyber threats have a much higher R0 factor. Best practices include quarantine, cyber hygiene, and threat tracing.  World Economic Forum

 

Hacks & Breaches

Hackers have been ramping up their attempts to plant ransomware using email phishing attacks, at hospitals, government departments, universities and large corporations. Many of these attacks are not made public, particularly when ransom has been paid, but an increasing number are hitting my radar…

 

uCalgary paid $20K Ransom

In June 2016, uCalgary announced that it had paid a $20,000 ransom to regain access to its own email systems. “We are a research institution, we are conducting world class research daily and we don’t know what we don’t know in terms of who’s been impacted… the last thing we want to do is lose someone’s life’s work.”  CTV

 

UNB wards off “Millions” of Cyberattacks

In September 2016, uNew Brunswick reported a dramatic increase in “brute force remote intrusion” cyberattacks on its servers – 185 million in a single week. On average, UNB saw 50-85M attacks a week. The attacks are the digital equivalent of “shaking locks and checking for open doors and windows,” attempting to connect to every port of every device on campus.  CBC

 

SFU Ransomware Attack

A brute force ransomware attack in Feb 2020 stole the personal information of ~250,000 students, faculty, and alumni at Simon Fraser U, including student and employee numbers, birthdates, and encrypted passwords. No banking or financial information was compromised, and SFU said no-one was at risk of identity theft. SFU did not pay a ransom, since the breach was “a copy of old data.” IT staff learned of the attack the following day, and disclosed it to the campus 3 days later (1 business day). But when SFU suggested everyone change their passwords, the university’s password reset system was quickly overwhelmed, in some cases locking staff out of their work for up to 6 hours. CBC

 

Porous Perimeters in a Pandemic

Last June, hackers stole sensitive data (including social security numbers, passport and banking details) from Michigan State U’s physics and astronomy unit, UC San Francisco, and Columbia College Chicago, demanding an unknown ransom within 6 days. MSU declared it would not pay, prompting the hackers to progressively leak data on the dark web. UCSF and CCC appear to have negotiated or paid the ransom. Privacy experts recommend that institutions practice good “data hygiene” (delete data you don’t need), and encrypt sensitive information. Inside Higher Ed

“It’s a constant game of cat and mouse. As soon as we understand one threat, a new one emerges.”
Brian Kelly, Director of Cybersecurity, Educause

 

uUtah paid $450K Ransom

Last August, uUtah revealed that it paid extortionists $457,059.24 to stop a cyberattack on servers at its College of Social and Behavioural Science in July. The “unknown entity” encrypted just 0.02% of the data stored there before IS detected the attack. The affected servers were isolated, cleaned, and reinstalled from backups – but because they included employee and student information, the ransom was paid “as a proactive and preventive step to ensure information was not released on the internet.” US News

 

Blackbaud Data Breach

Also last August, Trent U advised 38,000 alumni and donors that their data was involved in the Blackbaud ransomware hack, which also affected Western U, uManitoba, uRegina, St Lawrence C, and other PSE clients.  Global

 

COVID19 Vaccine Hack

The WHO and global law enforcement agencies have been aware for some time that cyberattacks and hacking efforts could pose a major threat to the race to develop and distribute a COVID19 vaccine. Claims have been made public that Russia, China and other state-sponsored groups have breached systems to gather data on vaccine trials. Pfizer announced in early December that hackers had accessed “documents relating to the regulatory submission” at the European Medicines Agency, potentially opening up distribution partners to further cyberattacks or theft.  Globe & Mail

 

SaskPolytech Attack

Last Hallowe’en, Saskatchewan Polytechnic experienced a cybersecurity incident that disrupted their website, intranet portal, VPN, Outlook email and calendars, Zoom, lecture capture, Brightspace and Banner. Since Nov 1, SaskPoly’s IT Services has been working with external experts and vendors to gradually restore systems – and even today, some systems are not yet available, including student records and enrolment services in the portal. Throughout the incident, the institution has emphasized that “at this time, there is no reason to conclude personal information has been breached.” Updates on the situation are being shared at a purpose-built website, campusupdate.ca.

 

Saint John Attack

The city of Saint John, NB was rebuilding its network earlier this month rather than submit to ransomware demands, in the wake of an attack in November. “Instead of repair, we have decided to build an entirely new network.” The rebuild is expected to take a few more months, and will be paid in part through insurance.  Globe & Mail

 

DDoS Attacks

On the night of Dec 2, York U experienced a Distributed Denial of Service (DDoS) attack, targeting university systems like eClass. York’s IT team implemented countermeasures and appeared to have the situation under control by 7pm.  Twitter

 

The Growing Threat

“Cyber Pearl Harbour”

In mid-December it became clear that Russian hackers used a “supply chain attack” to access systems at ~18,000 companies (potentially including 425 of the Fortune 500, and perhaps some PSEs), and across many US government departments and agencies. Starting as early as October 2019, the hackers leveraged a single weak link at the Texas IT services firm SolarWinds to distribute tainted updates to a software product (Orion), which then gave them access to every user’s Microsoft 365 email and Azure Cloud infrastructure, allowing them to manipulate network security in ways that appeared legitimate. They reportedly breached multiple American federal agencies, including the State Department, Homeland Security, Commerce, Defense, the Treasury, the National Institutes of Health, and the Nuclear Security Administration. Victims included Cisco, Intel, Microsoft, and many others – and the hack is still ongoing in many countries (although notably not in Russia). SolarWinds’ customer list includes Harvard, Clemson, uAlaska and other higher ed institutions. Kent State may have been affected.

Microsoft president Brad Smith said the hack “represents an act of recklessness that created a serious technological vulnerability for the United States and the world.” Tellingly, the Trump administration delayed making a public warning for weeks, and then downplayed the hack, suggesting perhaps China could be responsible.  The Independent  The Verge  Wired  Inside Higher Ed  Global

 

 

“I want to be clear: my administration will make cybersecurity a top priority at every level of government, and we will make dealing with this breach a top priority from the moment we take office.”
Joe Biden, US President

 

Sadly, there is no reason to believe that the escalating number and sophistication of cyberattacks will subside in 2021 or beyond…

 

Ransomware Gangs “Professionalize”

2020 saw a significant increase in ransomware attacks, from increasingly bold cyberterrorists who not only encrypted data, but “exfiltrated” it, threatening to release it to criminals unless a ransom was paid. In September and October, hospitals and school boards were hit particularly hard, with disastrous and life-threatening results. Instead of demanding small ransom payments from thousands of individuals, hackers are now planning attacks against hand-picked targets, biding their time for the perfect moment, and demanding massive ransoms. The average “fee” requested has risen from $5,000 in 2018 to $200,000 in 2020!  Wired

“Credit where credit is due, the ransomware groups have done a tremendous job of growing their business.”
Brett Callow, Threat Analyst, Emsisoft

 

Internet Everywhere?

The Internet of Things seems likely to bring cybersecurity risks up to the moon, and even down into some people’s pants…

 

Lunar Internet

In October, Nokia announced that Bell Labs has a $14M contract from NASA to build and deploy the first ultra-compact, low-power, space-hardened, end-to-end LTE solution on the lunar surface in late 2022. (It will later evolve to 5G, so perhaps astronauts will be able to stream Netflix.)  Space Explored

 

A “Software” Hack

As the Internet of Things (IoT) and wearable devices proliferate, the threat of cyberattacks only grows more… personal. Last October it was uncovered that Qiui, the Chinese manufacturer of internet-connected “chastity cages” for men, had a vulnerability in their software API. Sure enough, cybercriminals took control of the devices, aptly named “Cellmates,” and demanded Bitcoin ransom of about $750 to unlock consumers’ private parts. Apparently “a heavy-duty bolt cutter or angle grinder” would be required to free the “submissive.” The US distributor for Qiui assures us that the software vulnerability has been patched in the latest version of their app.  TechCrunch

 

 

As always, thanks for reading!  Stay safe online, as well as in line at the grocery store!

Ken


All contents copyright © 2014 Eduvation Inc. All rights reserved.