University takes network offline for several days

May 15, 2015 22:01 GMT

The computer network at Penn State College of Engineering has been isolated and taken offline following sophisticated attacks hailing from China, which may have compromised sensitive details of about 18,000 individuals.

The educational institution was alerted by the FBI about one of the intrusions on November 21, 2014, and started an investigation, while maintaining the appearance that it was unaware of the breach.

This measure was taken in order to buy some time for determining the scope and origin of the attack and to take the necessary defensive steps.

SSNs of thousands have been exposed

However, it appears that the intruders had gained access to the network about two years earlier, in November 2012, and several of the affected machines stored personally identifiable information, such as social security numbers, said President Eric Barron in an official statement on Friday.

The university is currently notifying approximately 18,000 people whose data has been exposed, as well as around 500 public and private research partners that were engaged in different contracts since the first known date of compromise.

At the moment, there is no clear evidence that the information has been exfiltrated, but the investigation revealed that multiple login credentials for the College of Engineering computer network had fallen into the hands of the attackers and were used to gain unauthorized access to the infrastructure.

Hackers used advanced malware for the compromise

The investigation into the incidents is led by FireEye’s forensic division, Mandiant, which determined that at least one of the attacks bears the signature of an advanced persistent threat (APT) actor based in China.

“Advanced cyber attacks like this -- sophisticated, difficult to detect and often linked to international threat actors -- are ‘the new normal.’ No company or organization is immune -- the world’s leading banks, energy companies, retailers and educational institutions have all been and will be targets,” said Nick Bennett, senior manager at Mandiant.

During the outage (expected to end in several days), the university will improve the security posture of the computer network and will reset passwords for the affected individuals.

In addition, remote access to resources on the internal network will only be permitted over a VPN connection, with mandatory two-factor authentication (2FA) at the login stage.