Feb 09 2023
Welcome to Gone Phishing your daily newsletter that’s got more juice than a chapter from SPARE
Today’s cybersecurity haul:
Cyberattack lets 19k West Virginia students play Hooky
Is West Virginia the home of 2023’s answer to Ferris Buller, the fun-loving, school-cutting rascal from the 80s classic Ferris Bueller’s Day Off? It sure looks that way!
But this modern-day Ferris has graduated from schoolboy (geddit?) stuff like hacking into the high school computer system to whittle down his unauthorised absence numbers…
New-and-improved Ferris is set on widescale disruption. He doesn’t just want a day off for himself; he wants a day off for every damn student, teacher and janitor in Berkely County School system. Almost brings a tear to your eye, doesn’t it?
System down!
In all seriousness, it’s not yet clear who’s behind the attack and what their intent is. But for now, the school’s in total disarray.
One Facebook commenter said of the attack: “People need to remember technology in the school system extends well beyond in the classroom. Security cameras, badge readers for doors, phones, HVAC functions, etc… can all depend on the network.”
But never fear! Superintendent Chalmers (ahem, sorry: Superintendent Ron Stephens) is on the case!
He said the district was “working diligently to restore operations” as they investigated the “cause and scope” of the cyber issues. Phew!
One thing’s for sure: we wouldn’t like to be in Principle Skinner’s (sorry, Hollen’s!) shoes right now!
Munster Technological University gives Cork campuses the week off over ransomware scare
A similar phenomenon took place back across the pond in Ireland when MTU university suffered another dreaded ransomware attack. Not to make light of the matter: ransomware attacks lock users out of their files and demand cash in return for re-access. Creepy, right?
Nonetheless, having faced the prospect of losing thousands of words worth of essays and untold terabytes of coursework and study material, our guess is that the students of MTU couldn’t neck their Guinness fast enough upon hearing the news that school was suspended for the week!
Don’t negotiate with terrorists!
Munster Technological University (MTU) has confirmed a ransom demand was embedded in the cyberattack that has closed its four Cork campuses this week. So, now the question is: will the college cave and pay the ransom as ION Trading did here in the UK just a couple of months ago.
The problem with doing so is there’s no guarantee that the criminals involved will do the honourable thing and return access to the sensitive data. And the more ransomware attackers are successful in their heists, the more common said attacks will become (a phenomenon we’re already seeing unfold!).
Always backup!
Fortunately for students and staff alike, Paul Gallagher (vice president for finance and administration at MTU) isn’t sweating it.
He said: “We have not engaged; we are taking advice from the National Cyber Security Centre. We’re in a strong position, we can restore the system ourselves.
“We intercepted this at an early stage. We have very good backups in place, so we did discover a ransom demand encoded in one of the servers, but we haven’t engaged directly at this stage at all with the ransom.”
So, the lesson here is remain vigilant and always, always, ALWAYS, carry out regular backups.
Now this bloke must be a few stubbies short of a sixpack so wrap your laughing gear around this one, lads. A nineteen-year-old would-be scammer found himself in hot water after trying his hand at phishing.
Don’t quit your day job, mate!
It turned out to be a rather lousy haul for the Sydney man after blackmailing 92 people who’d had their private data compromised in a criminal data leak, demanding $2000 AUS to delete the files in question, and receiving a grand total of zero responses. Better luck next time, mate!
Here’s a snapshot of what popped up in the unsuspecting affected parties’ inboxes:
The misguided scammer, who was 19 when he was arrested in October 2022 and, now 20, the silly bogan’s looking at an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach.
Goes to show, crime doesn’t pay!
Optus, the Australian telecom service provider, suffered a massive hack last year, with passport information and Medicare numbers pertaining to nearly 2.1 million of its current and former customers exposed.
So long and thanks for reading all the phish!