- From Alerts to Action: How AI Empowers SOC Analysts to Make Better Decisions
- Herencia, propósito y creatividad confluyen sobre un manto tecnológico en los irrepetibles UMusic Hotels
- OpenAI, SoftBank, Oracle lead $500B Project Stargate to ramp up AI infra in the US
- 오픈AI, 700조원 규모 'AI 데이터센터' 프로젝트 착수··· 소프트뱅크·오라클 참여
- From Election Day to Inauguration: How Cybersecurity Safeguards Democracy | McAfee Blog
Authorities Warns of New Surge in Ransomware on Education Sector
The UK’s leading cybersecurity authority has updated its guidance on ransomware following a spate of attacks on the education sector.
GCHQ spin-off, the National Cyber Security Centre (NCSC), said it was investigating another rise in threats targeting schools, universities and colleges.
“Ransomware attacks can have a devastating impact on organizations, with victims requiring a significant amount of recovery time to reinstate critical services. These events can also be high profile in nature, with wide public and media interest,” the NCSC said.
“In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records as well as data relating to COVID-19 testing.”
Recent trends highlighted by the organization include the targeting of networks through VPNs and remote desktop protocol (RDP) endpoints, by exploiting unpatched bugs or weak passwords/lack of multi-factor authentication (MFA). It also pointed to the threat from phishing emails and other unpatched systems like Microsoft Exchange Server.
Using legitimate tools such as Mimikatz, PsExec, and Cobalt Strike is also widespread in enabling lateral movement that traditional security tools have trouble spotting, the NCSC added.
Recently, researchers have seen attempts to sabotage backup/auditing devices to make data recovery more complex, encrypt entire virtual servers, and use scripting environments like PowerShell to deploy tooling and malware.
In April, both the University of Portsmouth and the University of Hertfordshire suffered network outages lasting days after ransomware threat actors struck.
The Harris Federation, which runs 50 primary and secondary academies in the London area, was struck in March, impacting nearly 40,000 pupils.
The NCSC’s updated report recommended a defense-in-depth approach to protection, including MFA, anti-virus, prompt patching, and disabling macros and scripting environments to help disrupt ransomware attack vectors.
