Last week Toronto’s York University fell victim to what appears to be a ransomware attack, according to cybersecurity expert David Masson, and it shouldn’t come as a surprise.
Masson, director of enterprise security at cybersecurity firm Darktrace, says there have been multiple advisories recently warning healthcare providers, municipalities and academic institutions of ongoing cyberattacks against organizations involved in the coronavirus response.
“Just this morning, there was a combined statement put out by the United States and the United Kingdom, actually warning various organizations about attacks from nation-states that are looking to steal information about COVID-19 for their national interests,” Masson said, referring to Tuesday’s warning from the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). “And one of the areas that they warned would experience more attacks was in academia.”
Just last month, York University announced a $250,000 COVID-19 research fund. Submissions were accepted and the successful ones were announced April 30.
“This is the last thing a university needs right now,” added Masson, pointing to the speed at which the more than 6,100 computers and devices were affected by the attack as the reason why it could be ransomware. “This was a big attack that moved very quickly and it kind of looks like a ransomware attack. It makes you wonder whether the rest of academia and the Canadian government are paying attention to this and making sure it doesn’t happen to them.”
York says the May 1 cyber attack corrupted a number of its servers and workstations, but no sensitive information was stolen, the university’s chief information officer Donald Ipperciel indicated on Twitter Monday. More than 15 different systems were impacted, including Office 365, VPNs for HR and finance departments, Zoom, on-student access to the internet. Functionality of these systems had been restored as of May 4, Ipperciel wrote in a blog post on York’s website, but the school continues to urge its students to change their current Passport York passwords.
“The cyber investigation is still ongoing and teams are working on a 24 hr cycle since Friday. So far, no indication that confidential information was compromised. However, we still have to wait for the final assessment,” Ipperciel tweeted. “To make things worse, the service desk ticketing system and IT phone systems are inaccessible because of the cyber-confinement of our systems. This will seriously impede our ability to respond to the community.”
Attacks on education institutions are a trend, not a blip
In April, the education space experienced over 4.2 million malware infections, which makes up nearly 65 per cent of the 6.5 million attacked devices, according to Microsoft.
Research firm Atlas VPN cited the Microsoft data in a blog post this week and said the number of malware attacks is expected to rise during the exam period.
“Hence, if schools are planning on holding exams remotely, they should prepare and get experienced IT specialists to check the systems to prevent sensitive information from being stolen,” the company wrote.
Masson said making the situation worse for all schools is the fact that work-from-home orders are still in place, which means students are connecting to school services remotely, and perhaps not always in a secure fashion.
“There are many ways this could have happened,” Masson said about the attack. “Whatever it was, it was certainly widespread and it was very fast.”
Masson urged students and teachers to pay extra close attention to what they click on in their inbox, as the majority of attacks come from there.
“It’s a really vulnerable part of any organization.”