China
Blamed for Penn State Breach
This
article talks about the breach that happened at the Penn State University,
College of Engineering which suffered two sophisticated cyber-attacks with at
least one originating from China. The hackers were not detected for two years
due the evasion techniques the hackers employed. It was in September 12, when
the attacks occurred with one of the attack originated in China. The university
exposed the breaches on May 15 even though the FBI notified the school of
attacks in November 21.
According
to the article, as stated by Penn State, both data and personally identifiable
information are safe. However, it was concluded that number of user names and
passwords for the university issued accounts are compromised. It was also
notified that around 18000 student’s PII might have been compromised so the
university is offering a free credit monitoring for those students for a year.
As
mentioned in the article, they might never know the specific methods the hackers
used to entry the system but custom malware and other tactics was used to
infect the network. As stated in the article, publicize of attacks was
intentionally delayed so that the hackers are unaware of the efforts that been
applied to fight the cyber-attack. The hackers were trying to target the intellectual property of the engineering department. Because all these large
research universities deal with lots of development of sensitive technology
related to the department of defense, they become attractive to China to get
information on those research. All those who got compromised during the attack
were required to change the password on their university account while faculty
and staff who has remotes access to the system from a private network are
required to use two-factor authentication to log in to the system.
References:
No comments:
Post a Comment