Hacker Uses SQL Injections to Target Universities, Education Departments

The hacker is believed to be financially motivated.
Published: February 20, 2017

A hacker that uses the name Rasputin has compromised unspecified systems of at least 60 universities and government organizations in the country.

The hacker gains access to the systems through SQL injections and in some cases has attempted to sell access to the systems to third parties.

Rasputin is believed to be a Russian-based hacker and is financially motivated. The hacker is best known for the December 2016 cyberattack on the U.S. Electoral Assistance Commission.

Once compromised, a hacker could steal private information. In the case of universities, student information, intellectual property and other sensitive data could be accessed and made public or sold.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

RELATED: Getting Back to the Basics of Network Security

Cybersecurity firm Recorded Future, who has tracked Rasputin’s latest round of attacks, says targets have been selected “based on the organization’s perceived investment in security controls and the respective compromised data value.”

The attacks highlight the dangers of SQL injection attacks. Hackers can use a variety of free tools to identify vulnerable websites and databases. SQLi vulnerabilities are easy to prevent by adhering to coding best practices, but many institutions still rely on poorly programmed web applications.

The problem is that shoring up these vulnerabilities can be an expensive project that involves totally replacing vulnerable systems.

The state departments of education were also affected in Louisiana, Rhode Island and Oklahoma. Ten universities in the United Kingdom were the victims of Rasputin’s attacks as well.

A list of known university victims is included below:

  • Cornell University
  • Virginia Tech
  • University of Maryland, Baltimore County
  • University of Pittsburgh
  • New York University
  • Rice University
  • University of California, Los Angeles
  • Eden Theological Seminary
  • Arizona State University
  • NC State University
  • Purdue University
  • Atlantic Cape Community College
  • University of the Cumberlands
  • Oregon College of Oriental Medicine
  • University of Delhi
  • Homboldt State University
  • The University of North Carolina at Greensboro
  • University of Mount Olive
  • Michigan State University
  • Rochester Institute of Technology
  • University of Tennessee
  • St. Cloud State University
  • University of Arizona
  • University of Buffalo
  • University of Washington

Read Next: Simple Cyber Security Steps Your Organization Should Implement NOW

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series