INFORMATION SECURITY ALERT: RISK LOW - Universities are being targeted
By: Jeff Gardiner
In 2014, the Iranian government targeted Western and other Canadian universities to steal credentials and intellectual property in an incident known as ‘MABNA Institute’. The US State Department obtained evidence and charged several individuals with this large-scale attack and provided details to Western by way of the Canadian government.
Recently, Western received information that the Iranian government was active again, this time working with a group known as ‘COBALT DICKENS’. The goal and approach seem to be the same. Attached is a .pdf explaining the threat.
- Hackers target credentials. 81% of all breaches involve, in some form, stolen, default, or weak passwords and identities.
- It is easier to breach a system with credentials than by other means.
- Normal (meaning perimeter-based) security provides no protection against identity and credential-based threats.
Because of this, the cybersecurity team is investigating institutionally. Even so, central IT may not be the only place evidence of compromise might appear.
INDICATORS OF COMPROMISE:
In logs or network streams, look for the following:
If any of the above IPs or domains appear in logs or netstreams, please contact firstname.lastname@example.org.