After SolarWinds attack, universities double-check for compromise

Several universities that use SolarWinds' Orion software have gone public, but so far none have reported any major fallout as a result of the incident.

The compromise of SolarWinds software used by government agencies and technology companies has also affected several U.S. colleges and universities, though the leaders of those institutions have not reported any major fallout from the incident.

Reports that hackers of suspected Russian origin had inserted malicious code into software provided by the Austin, Texas-based technology company SolarWinds first emerged earlier this month. The company said the incident may have affected as many as 18,000 customers using a network management product called Orion, according to SEC documents. The compromised software was used to spy on private companies like the cybersecurity firm FireEye and U.S. government agencies, including the Department of Homeland Security, the Treasury Department and the Department of Energy, though federal agencies have not been forthcoming about the true extent of the incident.

Among the Orion users were also several higher education institutions, including Kent State University, the University of Texas, San Antonio, and Iowa State University, each of which has reported being somehow involved in the supply-chain attack.

Iowa State University announced last week that it was one of the SolarWinds customers affected by the security breach. The university’s IT team, however, said there is no evidence that Iowa State was specifically targeted in the attack or that its infrastructure was compromised, and that no sensitive or personal information of students, faculty or staff was compromised. The university said it has decommissioned the affected servers and is reviewing activity logs to further ensure that no systems were compromised.


Kent State University also announced this month that it received the compromised SolarWinds software in a recent software upgrade. However, like Iowa State, IT staff at Kent State said there is no evidence the hackers accessed the university’s network. In a statement, the university said it “takes the security of our students, faculty, and staff very seriously and continues to work daily to maintain the confidentiality, integrity and availability of our Kent State digital environment.” Kent State leaders said they’re also securing their systems to prevent future incidents.

At the University of Texas, San Antonio, another SolarWinds customer, IT staff said they are taking action out of an “abundance of caution,” requiring all students, faculty and staff to reset their university passwords last week.

While the scope of the SolarWinds breach is still being determined as investigations into the incident continue, the Cybersecurity and Infrastructure Security Agency has said the incident poses threats to all levels of government, the private sector and operators of critical infrastructure, and ordered federal agencies to discontinue using SolarWinds software.

“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” CISA’s alert read. “Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans.”

The SolarWinds attack, however, is just one of many cybersecurity incidents that have affected higher education institutions this year. Earlier this month, 20 universities, including Louisiana State University, University of Arizona, Southeastern Louisiana University, University of Massachusetts Amherst, Manhattan College and the Rochester Institute of Technology, fell victim to a series of phishing campaigns thought to be carried out by Iranian hackers.


Many other universities have also fallen victim to cyberattacks this year, including Michigan State University, the University of California San Francisco and the University of Utah. According to Verizon’s 2020 Data Breach Investigations Report, U.S. educational institutions endured 819 cyberattacks last year.

Written by Betsy Foresman

Betsy Foresman was an education reporter for EdScoop from 2018 through early 2021, where she wrote about the virtues and challenges of innovative technology solutions used in higher education and K-12 spaces. Foresman also covered local government IT for StateScoop, on occasion. Foresman graduated from Texas Christian University in 2018 — go Frogs! — with a BA in journalism and psychology. During her senior year, she worked as an intern at the Center for Strategic and International Studies in Washington, D.C., and moved back to the capital after completing her degree because, like Shrek, she feels most at home in the swamp. Foresman previously worked at Scoop News Group as an editorial fellow.
