Cybersecurity and Attack Timing
Universities have been targeted for well over a decade. These institutions are the steward of their student’s data and information. As this is valuable for the persons attacking the institutions, the attacks tend to be rather frequent. Recently, York University, a university in Canada was successfully attacked.
Attack Timing
When you are planning an attack, you probably don’t want to begin this when the cybersecurity staff is there, monitoring the systems, and ready to address the attack right after it is detected. It would be much better to wait until there is not a full staff present to work to stop the attack.
The attackers took the page from the standardized attack playbook and began their attack on Friday
evening. At this point, the staff was headed home for the weekend and not thinking about cybersecurity.
Attack
The attackers were focused on the areas which were holding the data, which they were seeking to exfiltrate. The target, in this case, were the servers and workstations at the University.
Mitigation
While the attack was timed well, the staff was able to detect this quickly. Without their work, the attack effects would have been much worse. The staff was able to directly address this to limit the successful aspects of the attack. The primary method to resolve this was to shut down the University’s computer systems, disconnecting these from the internet. After the attack, they
also contracted with external computer forensic professionals. Their role was to fully research the attack. The attack, per the University, was complex. Regardless of this, the research work will take a fair amount of time to fully complete.
Over the weekend the University was able to restore Office 365, password change, on-campus student access to the internet, and the University website. The University also worked on restoring the VPN for HR and Finance, central mail, and the remaining faculty websites. The University is
requiring everyone with the University to reset their passwords. This was directly due to the successful attack.
Additional Information?
At this stage, there has not been much information provided. The forensic examination would require the time needed to fully explore the attack. As much as possible, every facet needs to be detailed and correct.
While this is the standard operating procedure, the University has not provided much information regarding the attack. This should be released so that the industry can learn from this.
One aspect the students did not appreciate was the lack of communication from the attack. The University did not communicate this to the students. The students had to learn of this from statements posted online and on social media. With an attack of this nature, potentially having their data compromised to whoever did the attack, really should have had an official communication.
Resources
Cameroon Magazine. (2020, April 5). York university falls victim to a serious attack. Retrieved from https://fr.cameroonmagazine.com/actualite-internationale/york-university-falls-victim-to-a-serious-cyber-attack-news/
CBC News. (2020, May 4). Students, experts call for explanation after York university suffers ‘extremely serious’ cyber attack. Retrieved from https://www.cbc.ca/news/canada/toronto/york-university-cyber-attack-1.5555106
DH Toronto Staff. (2020, May 4). York university falls victim to a “serious cyber attack”. Retrieved from https://dailyhive.com/toronto/york-university-serious-cyber-attack
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.