
Image: Dashlane
Most of us are dreaming of a glorious passwordless future. Earlier this year, Dashlane raised our collective hopes when the password manager company announced that a Passwordless Login feature was coming “later this year.” Today, the company confirmed: Dashlane is the first credential manager to eliminate the Master Password. But for now, at least, […]

The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks.
Analysis of ransomware campaigns against higher education found that attacks against universities during 2020 were up 100 percent compared to 2019, and that the average ransom demand now stands at $447,000.
The sharp rise in the number of ransomware attacks, combined with the six-figure sums ransomware gangs demand in exchange for the decryption key, means ransomware represents the number one cybersecurity threat for universities, according to the research by tech company BlueVoyant.
Ransomware is a problem across all sectors, but for higher education it currently represents a particular problem because the ongoing COVID-19 pandemic means that students are receiving their teaching online while many academics are also working from home.
Overstretched IT departments might not have the ability to fully address security, providing cyber criminals with an opening to exploit.
“Operating in the middle of the pandemic provides even greater opportunity for the adversary,” Austin Berglas, global head of professional services at BlueVoyant told ZDNet.
Berglas said IT staff are already busy ensuring students and staff have the necessary tools to conduct remote learning, from device configurations and the installation of new software and cameras to assisting end users that are having problems with the new technology. “These schools may not have the resources to properly secure the network,” he said.
That means that universities could be considered an easy target for cyber attackers – and the lack of IT resources, combined with students and staff being reliant on the network being available, means that many victims of ransomware attacks in higher education will consider paying a ransom demand of hundreds of thousands of dollars in Bitcoin in order to restore the network as quickly as possible.
Researchers suggest that in many cases, cyber criminals are specifically targeting universities because they perceive them to be a soft target, and one from which it is easier to extract a ransom payment than businesses in other areas, which might potentially provide more lucrative targets, but that require more effort from attackers.
According to the report, more than three-quarters of the universities studied had open remote desktop ports, and over 60% had open database ports – both of which provide cyber attackers with an entry point into networks and a means to eventually deliver and execute ransomware attacks.
While cyberattacks and ransomware continue to pose a threat to universities – and will continue to do so even after in-person teaching resumes – there are things that can be done in order to improve cybersecurity and reduce the chances of falling victim to malicious hackers.
This includes applying multi-factor authentication across all email accounts, so if cyber criminals can breach login credentials, it’s much more difficult to exploit them for access around the network.
“Ensure multi-factor authentication using a single sign-on solution. Multi-factor authentication will prevent the majority of phishing attacks, which is one of the top ways ransomware is being deployed,” said Berglas.
It’s also recommended that universities monitor networks for abnormal behaviour, such as fast logins or logins to multiple accounts from the same location, as that could indicate suspicious activity.
Image: Getty Images
Once upon a midnight dreary, I was inundated with a deluge of spam and malicious messages on Android. Every morning I’d wake up wondering how many such messages would pummel my phone. But then Google got smart and added features that would help prevent that never-ending rain of unwanted missives. It took Google […]

Cisco
A former Cisco engineer was sentenced this week to 24 months in prison for accessing Cisco’s network without authorization after he left the company and then destroying servers that hosted infrastructure for the Cisco Webex Teams service.
Sudhish Kasaba Ramesh, 31, of San Jose, was formally charged earlier this year in July and pleaded guilty a month later in August.
According to court documents, Ramesh worked for Cisco between July 2016 and April 2018, when he resigned and joined another company.
However, for reasons not mentioned in the indictment, five months later, in September 2018, Ramesh accessed Cisco’s cloud infrastructure hosted on Amazon’s Web Services.
Investigators said Ramesh then proceeded to run a script that deleted 456 virtual machines that were supporting Cisco’s video conferencing software WebEx Teams, actions that resulted in the temporary deletion of more than 16,000 Webex accounts.
It took Cisco two weeks to recover the accounts and rebuild its systems, costing the company more than $2.4 million, with $1,400,000 in employee time and $1,000,000 in customer refunds.
The tech giant’s management brought the case to law enforcement as soon as it realized the Webex Teams outage was the result of intentional sabotage and not a server issue.
Although Ramesh apologized for his actions, the former Cisco engineer never explained what drove him to delete Cisco’s servers.
Besides serving the next two years in prison, Ramesh was also ordered to pay a $15,000 fine.
Ramesh was also fired from his job at his current employer, personal lifestyle site Stitch Fix, and is scheduled to begin his prison sentence next year, on February 10.
Cisco said that the incident didn’t expose any of its customers’ data, and the company restored service to all affected parties.
Image: Ubiquiti Networks
Networking equipment and IoT device vendor Ubiquiti Networks sent notification emails to its customers today, informing them of a recent security breach.
“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” Ubiquiti said in emails today.
The servers stored information pertaining to user profiles for account.ui.com, a web portal that Ubiquiti makes available to customers who bought one of its products.
The site is used to manage devices from a remote location and as a help and support portal.
According to Ubiquiti, the intruder accessed servers that stored data on UI.com users, such as names, email addresses, and salted and hashed passwords.
Home addresses and phone numbers may have also been exposed, but only if users decided to configure this information into the portal.
How many Ubiquiti users are impacted and how the data breach occurred remains a mystery.
It is currently unclear if the “unauthorized access” took place when a security researcher found the exposed data or was due to a malicious threat actor.
A Ubiquiti spokesperson did not immediately return a request for comment sent before this article’s publication.
Despite the bad news for its customers, Ubiquiti said that it had not seen any unauthorized access to customer accounts as a result of this incident.
The company is now asking all users who receive the email to change their account passwords and turn on two-factor authentication.
While initially, some users looked at the emails as a phishing attempt, a Ubiquiti tech support staffer confirmed that they were authentic on the company’s forums.
A full copy of the email is available below, as shared today on social media.
Image: Dangal Son




