U.S. Education Dept. responds to TheDarkOverlord attacks with new cyber advisory

Its gratifying when advocacy efforts have an impact. Last week, this blogger spent a good amount of time talking with Kathleen Styles, Chief Privacy Officer of the U.S. Education Department. We discussed  the  TheDarkOverlord attacks on the education sector and I urged the Department to try to warn schools how to better protect themselves.
I am pleased to see that they have now sent out the following advisory (yes, even though they dont link to any of my reporting on this issue):
Cyber Advisory – New Type of Cyber Extortion / Threat Attack
Summary
Schools have long been targets for cyber thieves and criminals.  We are writing to let you know of a new threat, where the criminals are seeking to extort money from school districts and other educational institutions on the threat of releasing sensitive data from student records.  In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received.
These attacks are being actively investigated by the FBI, and it is important to note that none of the threats of violence have thus far been judged to be credible.  At least three states have been affected.
How to Protect Yourself
The attackers are likely targeting districts with weak data security, or well-known vulnerabilities that enable the attackers to gain access to sensitive data. This may be in the form of electronic attacks against school/district computers or applications, malicious software, or even through phishing attacks against staff or employees.
IT Staff at Schools / Districts are encouraged to protect your organizations by
conducting security audits to identify weaknesses and update/patch vulnerable systems;
ensuring proper audit logs are created and reviewed routinely for suspicious activity;

training staff and students on data security best practices and phishing/social engineering awareness; and
建议企业进行严密的安全设置和全程的技术监控,形成预防与打击泄露客户信息行为的有效机制;强化对行业不良行为的监管力度。
信息安全意识试卷
reviewing all sensitive data to verify that outside access is appropriately limited.
What to Do if This Happens to You 
If your organization is affected by this type of attack, it is important to contact local law enforcement immediately. Its not mandatory, but if you are an affected K12 school, please contact us at [email protected] so that we can monitor the spread of this threat. Additionally, the PTAC website contains a wealth of information that may be helpful in responding to and recovering from cyber attacks.While this new threat has thus far been directed only to K12, institutions of higher education should know that they are required to notify the Office of Federal Student Aid (FSA) of data breaches via email pursuant to the GLBA Act, and your Title IV participation and SAIG agreements.  Additional proactive tools for institutions of higher education are available at our Cybersecurity page on ifap.ed.gov
Copyright © Privacy Technical Assistance Center, All rights reserved. http://ptac.ed.gov
Note that despite what the cyber advisory suggests, this threat is not confined to K12, as TheDarkOverlords recent tweets suggest that they are also busy attacking institutions of higher education. 
多家游戏厂商几乎同时遭受到黑客攻击,太多黑客新闻让人们都麻木不仁了。

猜您喜欢

网络需求 CISCO WS-C2960S-24TS-L
如何防范垃圾短信、骚扰电话、电话诈骗
网络安全法宣传推广视频 https://v.qq.com/x/page/p050493s0f5.html
首都基层建设者喜迎十九大纪实
QUEENSWHOREAD 3DCENTRIFUGE
地理位置泄漏个人信息引来窃贼