Howard U. ransomware highlights threat to higher ed
In addition to a holiday weekend, the beginning of Howard University’s semester presented a time crunch unique to higher education that could be particularly appealing to criminals planning cyberattacks, experts told EdScoop.
A ransomware attack detected just ahead of the Labor Day holiday has disrupted classes at the historically Black college in Washington, D.C., and shut down campus Wi-Fi and other networks on the final day students could register for classes. While the school’s IT department is standing up an alternative wireless network, and in-person classes resumed Wednesday, online and hybrid classes remain suspended. (The deadline for students to add or drop courses has been extended.)
While there’s never a good time for ransomware, an attack that lands at the start of a term can make the response more chaotic, said Lucia Milica, the resident chief information security officer of the email security vendor ProofPoint.
“If they attack earlier in the year or during the summer the university will have the summer break to address it, to take care of it, bring in more stringent controls,” she told EdScoop. “But if you do those attacks at a time when everybody is back-to-school, it’s really forcing the hands of the universities to to try to get the system up and running as soon as possible and then from a threat actor perspective, right, that is a great opportunity for them to perhaps secure a higher payout.”
Howard is investigating how actors accessed its network and the scope of the attack. So far, university officials said they have have not found evidence that attackers accessed any personal data. The university has not said whether a ransom was paid.
Kim Milford, executive director of the Research and Education Networks Information Sharing and Analysis Center, said the data housed at universities could also serve as a target for potential attackers. Colleges and universities serve complex audiences, including faculty, staff, parents and people who live in nearby communities, and it can be difficult to manage all of those factors, she said.
The higher-education industry is a “microcosm” of rising ransomware threats in all sectors, Milford said.
The White House recently convened private and public leaders to announce plans to fight rising cyberattacks in the U.S. High-profile ransomware attacks in various industries over Memorial Day weekend and the Fourth of July led the FBI and the Cybersecurity and Infrastructure Security Agency to issue an alert about potential holiday threats.
College and universities are implementing more precautions — such as multifactor authentication and network segmentation — to prevent illicit access, but Milford said a key part of addressing the rising ransomware threat is creating solid back-ups and developing incident response plans.
During a virtual event last month, Michael Berman, the chief information officer of the California State University system, said cyberthreats are an issue that can’t be completely solved, but can be managed with ample internal communication about plans and resources.
Milford said her organization can facilitate private discussions on ransomware and cybersecurity between colleges and universities. Despite institutions facing the same types of attacks, publicly sharing information while trying to deal with an attack can be difficult, she said.
“It’s very frightening to share any details, even something like ‘we’re setting up a new Wi-Fi’ because you’re giving away something about your own environment,” Milford said. “I know how intimidating and frightening that can be and we security professionals tend to keep things pretty close to the vest because we worry about that.”