In late July, officials with the University of Connecticut notified the general public that unnamed hackers had infiltrated servers belonging to the school’s College of Engineering. This incident serves as yet another reminder of the scope of hackers and malware today, which is why organizations in any industry can benefit from a managed SIEM solution.
The exact scope of the breach is still unclear, as the university has yet to release details about how many people and what kind of data were affected. Thus far, all UConn officials have said is that it does not appear as though any data was taken, but the personally identifiable information of some people may have been improperly accessed.
All alumni, students and faculty, as well as all organizations and individuals that work with the College of Engineering, have been notified of the incident. According to its website, UConn’s College of Engineering has 133 professors, more than 22,500 undergraduate students and close to 7,900 graduate-level students.
The only details about the hackers that have been released are that they appear to be Chinese in origin. UConn officials are currently working with a number of outside vendors to learn more about the intrusion and to further shore up their network.
“UConn places the highest priority on maintaining the security and integrity of its information technology systems,” said Michael Mundrane, Vice Provost and Chief Information Officer at UConn. “That’s why, in addition to assisting individuals and research partners in responding to this incident, we’re taking steps to further secure our systems.”
Potential lessons from this breach
While news of the intrusion was recently released, members of UConn’s IT department discovered the problem on March 9. Still, it seems as though their internal team was late in noticing the issue, as a follow-up investigation revealed that the malware in question was first installed in September 2013. Despite the time frame here, the university did not label this an advanced persistent threat. Details regarding the motivation for the breach or how it was first perpetrated have not yet been released.
“The unfortunate reality is that these types of attacks are becoming more and more common, which requires us to be even more vigilant in protecting our University community,” Mundrane said.
For other organizations, there are a few key lessons that can be gleaned from this incident:
- No organization or entity is immune from the reach of hackers, which is why firms in all spaces must take steps now to shore up their defenses.
- It’s too often not a matter of if cybercriminals will cause damage, but rather when they will strike. Thus, preventative measures are not always ideal. Instead, incident detection and response is usually a far better bet considering today’s threat environment.
- Cybersecurity cannot be something that happens just once or a few times a year; it has to happen on a continual basis. Threats can remain dormant for years before causing havoc. To quickly detect anomalies and respond to issues in a more timely fashion, organizations may want to seek out a third-party managed SIEM provider to lend expertise.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading providers of detection and response security services. DRMS – for when your firewall fails.