A targeted cyberattack has been launched at Palm Desert, California community College of the Desert. The scale of the incident caused a systemwide outage affecting many online programs essential to its students.
This attack follows ransomware and other cyberattacks on more than 10 universities in the past year. The FBI said in May 2022 that Russian cybercrime forums are teeming with the network credentials and virtual private network accesses of employees from U.S. colleges and universities.
Looking into the issue for Digital Journal is Sally Vincent, Senior Threat Research Engineer at LogRhythm.
Vincent begins by setting the context: “College of the Desert public information officer has confirmed that the school has been hit by a malware attack potentially affecting 12,500 students, following a similar attack on the school two years ago.”
In terms of the ramifications, Vincent explains: “Deemed a “computer network disruption” by other school officials, some essential school systems have been forced offline, while other programs such as Canvas, Microsoft Teams and Adobe are still available for student use.”
This incident is, unfortunately, representative of the risks faced by industry: “This attack on College of the Desert follows a string of similar cyberattacks in the last year– Ohlone College, Savannah State University, University of Detroit Mercy, Centralia College, Phillips Community College of the University of Arkansas, National University College, North Carolina A&T University, Florida International University, Stratford University, Austin Peay State University and Kellogg Community College have also suffered recent ransomware attacks.”
It is unsurprising that the sector is becoming concerned about their vulnerability to cyberattacks: “This increasingly hot target on universities should be taken seriously by IT and security teams and motivate them to ensure that cybersecurity best practices are top-of-mind.”
This means taking action, and here Vincent recommends: “Falling victim to a malware attack is no guarantee that it won’t happen again in the near future, and attacks should be learning opportunities used to review incident response procedures and strengthen security posture.”
To this, Vincent adds: “The first step in being proactive against these attacks is to invest in cybersecurity solutions that detect malicious behavior and enable network infrastructure to block any further access attempts. Additionally, authentication and access controls, detection and response capabilities and real-time monitoring and visibility are absolutely crucial to ensuring that higher education systems remain up and running. Prioritizing security controls helps organizations prepare for and thwart hazards and make certain that crucial practices remain undisrupted.”
