Michigan State University (MSU) continues to grapple with the aftermath of a data breach that occurred as part of a mass-hack targeting the MOVEit file transfer application. It was recently revealed that two other organizations, the National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA), were also impacted by the same breach. The identity of the ransomware group behind the attack is Cl0p, and it remains uncertain whether they will follow through on their threats to release the stolen data to the public.
Rick Wash, a professor in MSU’s media and information department, spoke about the situation, acknowledging that the full extent of the data exposure is still unclear. However, he emphasized that the hackers have not specifically targeted and distributed the sensitive data, which lessens the severity of the breach. Wash stated, “It’s not great for us, but it’s not as bad as it would be if they were specifically doling out the bad pieces of data and selling it.”
MSU spokesperson Dan Olsen has assured the community that both NSC and TIAA are committed to notifying affected individuals and providing them with support and resources. However, the exact number of individuals affected by the breach is still unknown. According to Bank Info Security, a German cybersecurity firm called KonBriefing reported that a total of 455 organizations, including MSU, have fallen victim to the MOVEit attacks. Among the newly disclosed victims are Cognisight, Pacific Premier Bank, Northwestern Mutual, and the life insurance companies Brighthouse and TransAmerica. Based on the available information from impacted organizations, cybersecurity firm Emisisoft estimates that the attackers have stolen the personal details of at least 23 million individuals. It is important to note that only about 20% of the targeted organizations have released victim numbers, so the actual tally may be even higher. The ransomware group Cl0p stands to make an estimated $75-$100 million from ransom payments.
In a separate report, security vendor Sophos recently released “The State of Ransomware in Education 2023,” which highlights the education sector as the most targeted industry by ransomware attacks last year. The report was based on a survey of four hundred IT/cybersecurity professionals working in education across fourteen countries. It revealed that 80% of lower educational organizations and 79% of higher educational organizations experienced ransomware attacks. This marks an increase from 64% and 56% respectively in 2021.
The survey also identified that exploits and compromised credentials were the most common methods of attack, accounting for 77% of ransomware attacks in higher education and 65% in lower education. Sophos field CTO Chester Wisniewski pointed out that the lack of multi-factor authentication (MFA) technology in the education sector makes it more vulnerable to credential abuse. Wisniewski emphasized the importance of adopting MFA to prevent these types of attacks.
The report further highlighted that educational institutions are among the highest payers of ransoms, with 56% of higher education providers and 47% of lower educational organizations choosing to pay. Unfortunately, this trend seems to have paid off for the attackers, as the recovery costs for higher education institutions that paid the ransom were $1.31 million, compared to $980,000 for those who relied on backups for recovery. Wisniewski explained that the pressure to keep operations running smoothly and avoid disruptions likely compels schools to pay the ransoms. However, he noted that paying the ransom does not necessarily resolve the attacks more quickly but is a significant factor in why educational institutions are targeted.
Overall, MSU and the education sector as a whole remain vulnerable to cyberattacks, especially ransomware operations. It is crucial for organizations to prioritize cybersecurity measures, including implementing MFA and maintaining robust backup systems, to protect themselves against these threats.