How the San Diego Community College District caught — and is still fighting — a sophisticated cyberattack

News by: Times of San Diego

The San Diego Community College District is reviewing the code in its network “line by line and file by file” to root out any malicious code embedded during a two-pronged cyberattack that started Saturday. 

“This is not just a precaution,” said Chancellor Gregory Smith of the work by district IT teams. “We’re not being overly cautious about it. It’s a necessity.” 

Network security was ready

Like many large institutions, the district faces frequent cyberattacks meant to steal data and financial information. 

“We have daily, I don’t think it’s overstating, attempts for people to send phishing emails or to try to gain access into our networks,” Smith said. The cybersecurity system filters out the overwhelming majority of those attempts. “It’s a regular occurrence now. I think probably every significant organization of a significant size is having this happen on a daily basis.” 

Gregory Smith (Photo courtesy SDCCD)

In 2022, the district, which serves 100,000 students annually, began upgrading its security systems and moving sensitive student and employee information to the cloud behind multiple layers of security. That cloud data was safe during this breach. Attackers did not access any personal information, the district said.  

But now the district may upgrade low-priority legacy systems sooner than planned. The attack exposed vulnerabilities in those systems that attackers attempted to exploit to breach secure parts of the network. 

Cyberattacks have hit other colleges and school districts or large institutions like Scripps Health. Hackers stole large swaths of data and encrypted it, with the institution forced to pay a ransom or immediately lose key data. Those are typically one-and-done events. 

Timeline of attack 

At first, SDCCD thought a similar plot was at work. Machine learning software detected an issue Saturday morning and alerted security professionals about a possible attack. Those IT teams shut down the servers, essentially trapping the attackers inside the network so they could not communicate any information outside of it. 

The district believes the attackers gained access to a vendor and entered the district’s network through them. 

On Sunday, the cybersecurity teams did small test runs, bringing one system online then immediately turning it off to see how the attackers responded. Everything seemed fine in those system tests. 

That’s why on Monday the district brought its network back online, assuming the weekend hack attempt failed. 

A new plot? 

But the district uncovered a more sinister attack Monday. The cyberattacks restarted, this time using vulnerabilities discovered on Saturday. 

“Very quickly, after we opened our network back up, the attack resumed in a little bit different way,” Smith explained. “That’s why we suspect that Saturday may have been an attempt to understand how we would respond and then to evolve the attack in order to be successful and detect our security software.” 

Instead of immediately ransoming data, SDCCD now believes the attackers intended to embed malicious code in the district's network. That code could have gone undetected for months or even years while hackers covertly harvested login credentials, financial information, Social Security numbers and other personal information.

“They would have been able to steal people’s identity,” Smith said. “It could have been a much worse scenario where we’re dealing with this personal data being compromised and not just having to shut down systems.” 

In response, the district shut down its network entirely on Monday. 

“We had to make the decision that we’re going to fully shut down and we’re not going to bring it back online until we know with certainty that we’ve removed any inappropriate access so that they could, again, not be able to start to extract information back out,” Smith said. 

Finals week disruption 

Smith said this was a necessary disruption that came at a poor time. It’s finals week and summer class registration is open. 

Health Information Management graduates from San Diego Mesa College participate in commencement ceremonies. (Photo courtesy of the San Diego Community College District)

Some cloud-based systems are still working, including the summer class registration site and class portal Canvas. However, Wi-Fi and food services on campus are shut down.

Additionally, some student services like mental health counseling, health appointments and other basic services were closed at some points this week because underlying applications supporting those offices were offline. The district restored most of those services through other means. 

Food service resumes Wednesday. Officials anticipate that internet, websites and file servers will be restored by Friday. 

Professors canceled a few classes. In other cases, professors had to pivot some tests to in-person. Hybrid classes moved to fully remote options off campus due to lack of internet. In other cases, students and faculty had to use hot spots on personal devices.

“It’s been more of a frustration,” Smith said. He believes all classes will finish the term on time.

Normality by next week 

By next week, Smith thinks the district will be back to normal operations with no lingering threat. Before that happens, IT staff and a vendor need to ensure there is no embedded malicious code that could be activated later.

“We’ve had to completely rebuild or re-image some of our file structures and servers where the level of infiltration suggested that we might have some risk that we can’t see, and so erring on the side of caution, (we) completely rebuilt (them) so we know it’s eliminated,” Smith explained. 

Smith said that effort takes longer than a few hours or days. It will be closer to a week to completely review the network.
