- Educational institutions are assumed to be the most vulnerable sector today, considering that 70 to 80% of lower-to-higher education providers reported experiencing ransomware attacks in 2022.
考虑到 70% 至 80% 的低级到高等教育提供者报告在 2022 年遭受过勒索软件攻击，教育机构被认为是当今最脆弱的部门。
- National Student Clearinghouse has reaffirmed these suspicions, revealing that nearly 900 US schools were impacted by the MOVEit hack.
- According to the research, reporting, and verification services provider, sensitive student records were stolen in the MOVEit data breach.
- The organization identified the scope of this breach on June 20 following an investigation.
该组织在调查后于 6 月 20 日确定了此违规行为的范围。
- The National Student Clearinghouse boasts a network of 3600 colleges/universities and 22,000 high schools.
Last week, Hackread covered research from cybersecurity firm Sophos and VPN service provider AtlastVPN, revealing that education was the top-most targeted sector in ransomware attacks. During 2022, 80% of lower education and 79% of higher education institutions became targets of ransomware attacks. The recovery cost from these attacks touched $ 1.59 million in 2022-2023 for lower education institutes and close to $ 1 million for higher education institutions in 2023.
上周，Hackread报道了网络安全公司Sophos和VPN服务提供商AtlastVPN的研究，揭示了教育是勒索软件攻击中最受攻击的领域。2022 年期间，80% 的低年级教育和 79% 的高等教育机构成为勒索软件攻击的目标。2022-2023 年，这些攻击的恢复成本在 2022-2023 年为低级教育机构达到 159 万美元，在 2023 年为高等教育机构接近 100 万美元。
The latest revelation from the National Student Clearinghouse has reaffirmed these findings by revealing that around 900 schools were impacted by the MOVEit attack. MOVEit is a managed file transfer software created by Progress Software Corp and widely used by financial institutions, governments, and thousands of public/private sector entities worldwide for sharing information.
全国学生信息交流中心的最新披露重申了这些发现，揭示了大约900所学校受到MOVEit攻击的影响。MOVEit是由Progress Software Corp创建的托管文件传输软件，被金融机构，政府和全球数千个公共/私营部门实体广泛用于共享信息。
On 31st May 2023, MOVEit became the target of a hack attack where the platform suffered huge data loss after being hit by Cl0p ransomware. The ransomware operators accessed information belonging to organizations and individuals by exploiting a zero-day vulnerability.
2023 年 5 月 31 日，MOVEit 成为黑客攻击的目标，该平台在受到 Cl0p 勒索软件攻击后遭受了巨大的数据丢失。勒索软件运营商通过利用零日漏洞访问属于组织和个人的信息。
As of September 22, 2023, this attack has impacted 2,053 organizations and 57,624,249 individuals, as per the information available on Cl0p operators’ website, SEC filings, and public disclosures, explained cybersecurity firm Emsisoft. Over 90% of the impacted organizations were based in the US, 1.8% in Germany, 3.2% in Canada, and 1.0% in the UK.
The National Student Clearinghouse is among the impacted organizations. The non-profit has confirmed (PDF) that around 900 colleges/universities have been affected by the MOVEit attack. The list of affected schools is available here (PDF).
The organization informed the California attorney general’s office that its MOVEit server was hacked in late May, but it discovered the scale of the breach and stealing of the student record database on June 20 with help from cybersecurity experts and law enforcement agencies.
该组织通知加州总检察长办公室，其 MOVEit 服务器在 5 月下旬遭到黑客攻击，但在网络安全专家和执法机构的帮助下，它于 6 月 20 日发现了学生记录数据库遭到破坏和窃取的规模。
“Through our investigation, on June 20, 2023, we learned that an unauthorized party obtained certain files from the MOVEit tool. The issue occurred on or around May 30, 2023,” the organization explained.
“通过我们的调查，2023 年 6 月 20 日，我们了解到未经授权的一方从 MOVEit 工具中获取了某些文件。该问题发生在 2023 年 5 月 30 日或前后，“ 该组织解释说。
The stolen data included name, contact details, school records, date of birth, student ID number, enrollment records, degree, and course-level data compromised in the attack. It has sent data breach notifications to impacted individuals. The notification has been posted to the California attorney general’s website.
The National Student Clearinghouse has patched the software and added stricter monitoring mechanisms, apart from offering victims free identity monitoring services for two years.
It is worth noting that the infamous MOVEit hack impacted many high-profile organizations, including Norton’s parent company, Gen Digital, the US Department of Energy, Siemens Energy, Shell, and Schneider Electric.
The French government agency Pole Emploi, the Colorado Department of Health Care Policy and Financing, and Maximus lost the highest amount of personal data of registered individuals.