In 2020, there was a 55% increase in cyber attacks targeting the healthcare industry. While the healthcare industry is still a prime target, the education sector appears to be drawing attackers' attention in 2021. Recently, a group of higher education institutions confirmed they were victims of a ransomware attack through a data breach caused by a security flaw in Accellion’s file transfer software.

Threat actors were able to exploit sensitive data, such as Social Security numbers, financial information, and personally identifiable information (PII), from the University of California, Stanford University’s School of Medicine, the University of Colorado, and the University of Maryland, and the data was found on the dark web. Attackers are leveraging double-extortion techniques, both demanding a ransom and threatening to reach out to the victim’s clients or publish the data on the web, to coerce their victims into paying.

Sophisticated ransomware groups perform reconnaissance, identifying their victims and targets well in advance, and infect networks through phishing techniques and other malicious activity. The primary goal of these attacks is to plant malware that encrypts critical data and to install a backdoor that ensures the attackers have continuous access to the breached environment. Often, attackers will receive the ransom payment and return via the previously installed backdoor, regaining access to sensitive systems to demand another ransom.

These same organizations often face the risk of sensitive data disclosure. Exploiting third-party software is becoming more common than ever, and it remains a weakness that attackers continue to use to gain unauthorized access to larger networks like those associated with the Accellion breach. It is paramount that organizations perform vendor risk assessments to ensure the third parties they work with have an adequate security framework in place to reduce the risk associated with using third-party software.

Limiting access to an organization’s systems can be achieved by practicing least privilege access principles — restricting access rights for users, accounts, and files. Most importantly, organizations need a plan in place for 24/7 monitoring to detect and identify ransomware attacks throughout the organization. Managed Detection and Response (MDR) services provide the much-needed visibility to prevent and mitigate cyber attacks with continuous human threat hunting. 

Learn more about how an MDR provider can help with 24/7 monitoring as well as other cybersecurity services in our webinar: Demystifying MDR for the Security Conscious Buyer.

Monique Becenti

Product Marketing Manager | Pondurance