Stanford University is warning 27,000 individuals that their personal information was compromised in a ransomware incident that targeted its Department of Public Safety (DPS).
According to Security Week, the university became aware of the breach on September 27, 2023, although the perpetrators had had unauthorized access to the Stanford DPS network since May 12. The university stated that, once the attack was detected, it acted promptly to remove the hackers from the system and enhance the network’s security.
400 Gigabytes Of Data Stolen From The University
Approximately one month later, the Akira ransomware group took credit for the attack, asserting that they had successfully pilfered more than 400 gigabytes of data from the university, reported Cyber News at the time. Stanford has clarified that the attackers did not breach any other systems apart from the DPS network.
According to the notification letter Stanford sent to those affected, the incident’s nature and extent necessitated a thorough analysis, which led to the conclusion that recipients’ data may have been compromised. The stolen personal data varies among individuals, potentially including names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, government ID numbers, and other details.
In some cases, the compromised information may have also encompassed biometric data, health/medical records, email addresses with passwords, usernames with passwords, security questions and answers, digital signatures, as well as credit card information with security codes, according to Stanford’s incident notification.
2022 FBI Universities Warning
Although there is no evidence that the information compromised in the Stanford University breach has been misused, a 2022 FBI report warned of a threat of credential theft specifically targeting colleges and universities in the United States. According to Tech Republic, the primary objective of these attacks is to gather legitimate credentials, which are frequently exposed on both public and private cybercriminal forums or marketplaces.
Credential stuffing attacks are a major concern: once a hacker obtains one set of login credentials, tools like OpenBullet let them test whether those credentials work on numerous other platforms. Because individuals often use the same password across multiple sites, hackers commonly gain access to additional accounts once they have successfully breached one system.
Cybercriminals Selling University Network Credentials And VPN Access
The FBI has detected cases of stolen credentials from higher education institutions being shared on cybercriminal forums or marketplaces that are open to the public. Throughout January 2022, Russian cybercriminal forums were found to be selling network credentials and virtual private network access to numerous American universities and colleges. In some instances, screenshots were provided as evidence of the compromised access. The prices for these credentials ranged from a few hundred to several thousand US dollars.
“Traditional Security Measures No Longer Sufficient”
“In light of the persistent cyber threats facing academic institutions as seen with the latest data breach impacting Stanford University, it is evident that traditional security measures are no longer sufficient,” said Brent Agar, VP Strategic Partnerships, SentryBay. “The FBI’s earlier notification underscores the critical need for a more proactive stance against cyber intrusions, particularly those exploiting stolen credentials through keylogging and other sophisticated methods. SentryBay’s anti-keylogging technology offers a dynamic layer of defence that is essential in today’s cyber environment. Unlike conventional security solutions that rely on signatures or known threat patterns, our technology provides true zero-day defence by preemptively securing keystrokes and sensitive data from the moment of entry. This method effectively blinds cybercriminals, preventing them from capturing usable data even if they manage to breach other layers of security.”
Universities Can Significantly Enhance Their Cybersecurity Posture With SentryBay
By partnering with SentryBay, academic institutions can significantly enhance their cybersecurity posture. Our solutions are designed to seamlessly integrate with existing security frameworks, adding a robust layer of protection without requiring extensive changes to network infrastructure or user behaviour. This ensures that faculty, staff, and students can continue their work and studies with minimal disruption, all while benefiting from an elevated level of security.