1.) A ransomware group known as “Play” has recently issued a concerning statement. They have threatened to release the personal details of more than 8,600 Dallas County employees on the dark web unless their ransom demands are met. To add weight to their threat, the hackers have shared several screenshots that display personal information belonging to employees from various county departments.

The Play ransomware group is not new to the world of cybercrime and has a history of targeting corporate entities, often demanding large sums of money. In this latest incident, they have successfully infiltrated a government department in the early weeks of October and extracted sensitive employee data.

Dallas County’s IT department chose not to comply with the ransom demands, prompting the Play Ransomware Gang to issue a warning via Telegram. They have threatened to publicly auction the stolen data, leaving the personal information of over 8,000 employees vulnerable to social engineering attacks, such as phishing.

The exact method by which the “Play” group gained access to the network remains uncertain. However, some reports suggest that the breach occurred when the criminals obtained a staff member’s credentials through a brute force attack.

Dallas County officials have committed to taking all necessary steps to prevent such cyber incidents from recurring. They are closely monitoring the situation with the assistance of forensic experts and have implemented measures to mitigate the risks associated with the attack.

It is important to note that the “Play” group is known for disabling anti-malware solutions on target networks, stealing information, and encrypting files. Their modus operandi is double extortion: they demand payment from victims under the threat of publishing the stolen data. They have a history of exploiting the ProxyNotShell and OWASSRF vulnerabilities in Microsoft Exchange Servers to install malware. This group is not just an information thief; its malware can also function as a data wiper with a simple command from the operator. There are also links between “Play” and now-defunct criminal groups such as Conti and Hive Ransomware, and its encryption code matches that of the Quantum Ransomware group.

2.) In another cyber incident, Stanford University is currently investigating a claim made by the Akira Ransomware group on October 27, 2023. According to the claim, the group stole approximately 430GB of sensitive data, marking another instance of a cyberattack on the university. Earlier in the year, the Clop Ransomware group disclosed its theft of information from Stanford through a server compromise. In 2021, the university fell victim to a digital infiltration when hackers exploited a vulnerability in Accellion FTA to gain access to its servers.

3.) Lastly, the White House is in the process of formulating a policy to share ransomware-related data with its international allies. This policy will encompass information about collected ransoms, attribution of the attacks, and the associated risks. It will also emphasize that victims should refrain from paying ransoms, as such payments encourage criminal activities and do not guarantee the return of decryption keys.

The post Ransomware news trending on Google appeared first on Cybersecurity Insiders.

Stanford University, one of the top-ranked universities in the United States and the world, has become the victim of a cyberattack leading to a data leak, or unauthorized access to sensitive information. The leaked details include students’ first and last names, dates of birth, mailing addresses, phone numbers, email IDs, gender, ethnicity, race, citizenship, place of birth, transcripts, resumes, recommendation letters (if any), and completed admission forms submitted digitally.

Reports indicate that the security incident occurred because a misconfigured database exposed student information between December 2022 and January 2023.

The leaked data belonged to applicants to the Economics Ph.D. program who had applied through the website, and all 900 candidates affected by the incident are being notified by the university via digital communication.

Hackers can use stolen data to launch social engineering attacks such as phishing. However, this incident looks different, as the exposure resulted from an unprotected database that may have attracted many cybercriminals, who are always on the prowl for information that is of commercial value to them.

NOTE- Many state-sponsored hackers are always in search of such information, as they analyze this kind of data and later use it against the nation from which it was stolen. Often, they are on the prowl for military and political information. Since the COVID-19 crisis, almost every developed nation has appointed a special cyber force to sift through healthcare-related R&D data on internet-connected servers and use it for an upcoming bio-war that might be launched in the next few months or years by any nation connected to Asia.


The post Data Breach occurs at Stanford University appeared first on Cybersecurity Insiders.