Hacker Uses SQL Injections to Target Universities, Education Departments
The hacker is believed to be financially motivated.
A hacker that uses the name Rasputin has compromised unspecified systems of at least 60 universities and government organizations in the country.
The hacker gains access to the systems through SQL injections and in some cases has attempted to sell access to the systems to third parties.
Rasputin is believed to be a Russian-based hacker and is financially motivated. The hacker is best known for the December 2016 cyberattack on the U.S. Electoral Assistance Commission.
Once compromised, a hacker could steal private information. In the case of universities, student information, intellectual property and other sensitive data could be accessed and made public or sold.
Cybersecurity firm Recorded Future, who has tracked Rasputin’s latest round of attacks, says targets have been selected “based on the organization’s perceived investment in security controls and the respective compromised data value.”
The attacks highlight the dangers of SQL injection attacks. Hackers can use a variety of free tools to identify vulnerable websites and databases. SQLi vulnerabilities are easy to prevent by adhering to coding best practices, but many institutions still rely on poorly programmed web applications.
The problem is that shoring up these vulnerabilities can be an expensive project that involves totally replacing vulnerable systems.
The state departments of education were also affected in Louisiana, Rhode Island and Oklahoma. Ten universities in the United Kingdom were the victims of Rasputin’s attacks as well.
A list of known university victims is included below:
- Cornell University
- Virginia Tech
- University of Maryland, Baltimore County
- University of Pittsburgh
- New York University
- Rice University
- University of California, Los Angeles
- Eden Theological Seminary
- Arizona State University
- NC State University
- Purdue University
- Atlantic Cape Community College
- University of the Cumberlands
- Oregon College of Oriental Medicine
- University of Delhi
- Homboldt State University
- The University of North Carolina at Greensboro
- University of Mount Olive
- Michigan State University
- Rochester Institute of Technology
- University of Tennessee
- St. Cloud State University
- University of Arizona
- University of Buffalo
- University of Washington
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!