Wednesday, July 1, 2015

Harvard Breach - What did we see? - UPDATED

So it has been reported by news media this evening that Harvard has once again fallen to hackers. Security researcher and advocate databreaches.net contacted us to pass along the news article.

http://www.thecrimson.com/article/2015/7/2/harvard-it-security-breach/

So what did we know and when did we know it?

SLC Security Services LLC started seeing Dyre emails flowing through our sensor network on 21 June 2015. When we noticed the activity did not stop, we posted a message about it on the 24th of June on the Vulnerable Disclosures Blog (which is staffed by our cybersecurity volunteers). Below is a screenshot of our original message:


Our sensors started seeing millions of email messages containing Dyre malware being sent out to many other systems.

This traffic started on the 21st of June late in the evening. On the 22nd we saw several dumps of Harvard email addresses on Pastebin and additional data on the 23rd and 24th. By the 25th the systems were scanning Internet hosts and attempting to hack into other systems (which we monitor and maintain).


Hopefully they can find a reputable security firm to secure their infrastructure. This makes at least 3 breaches since we really started paying attention to Harvard.

To be fair to all monitoring the situation, CrowdStrike detected the activity on the 22nd of June as well and attributed the attack to Gothic Panda actors. Whether that is in fact the case remains to be seen.

Media Coverage:
https://threatpost.com/june-harvard-breach-hit-multiple-schools/113601

Upon researching, it appears as though there may have been as many as 13 schools affected. In addition, the personal login information from third-party accounts may have also been compromised, as we are seeing indications that some students' personal email accounts have also been leaked in the same time frame. - Additional research performed on historical data on 3 July 2015.

Don't fall victim to breaches. Email our SOC soc(a-t)slcsecurity(dot)com and request a free 30 day trial of our threat intelligence platform today. We offer insights into breaches and in many cases we can tell entities are breached before they even notice it. SLC Security Services LLC operates a vast network of Intrusion Detection Sensors on the Internet, private networks and at select Internet Service Providers. For more information on our services visit www.slcsecurity.com today.
