"There's no such thing as bad publicity" - Phineas T. Barnum
With attacks at two universities this week, I doubt they'd agree. Attacks on the education sector are particularly painful at this time of year with the start of the new academic year as well as the challenges of keeping everyone safe in a COVID-affected world. These attacks aren't isolated. Apparently, a third of all UK universities have been targeted by ransomware in the last ten years.
While the impact on university students might seem mostly an inconvenience, that's unusual. This week also saw an attack on the US Department of Veterans Affairs, which could have a severe impact due to exposed personal details and the diversion of much-needed funds from veterans.
It's unclear how these attacks happened and, no doubt, the details will become more apparent with time. But, from previous attacks, we can be reasonably confident about a likely common factor: abuse of privileged accounts.
Privileged accounts are those logins to applications, services, databases or devices that have more power than typical users. They can create or delete accounts, access customer data, reconfigure network devices, and a million other powerful and critical operations.
Attackers can get access to those credentials through many tricks, ranging from social engineering through spear phishing to keystroke capture and brute-force attacks. Universities can be particularly vulnerable, with a large and distributed faculty, a large and complex set of buildings and labs, and, of course, a large and ever-changing student population.
There is a way to prevent those attacks at source: never reveal privileged credentials. That means keeping them hidden from human beings and ensuring they never get passed to a user's workstation or laptop. If they aren't available, they can't be compromised.
As a further level of protection, enforce policies around credential management (e.g. ensuring credentials and passwords are rotated regularly and access lists are recertified), and monitor and record any sessions that use privileged accounts.
Osirium offers a modern Privileged Access Management (PAM) solution that does exactly that. It is delivered as a simple-to-install virtual appliance, and organizations from small teams to global enterprises use it to protect their most vital shared IT infrastructure and optimize IT operations. Multiple educational organizations already depend on Osirium PAM for protection.
Osirium PAM is available for free to small teams in the form of PAM Express.
If you'd like to know more, please get in touch.