In the wake of a malware attack hitting major universities, the stark reality of cyber threats comes sharply into focus. The University of California, Los Angeles was one of the victims of a cyberattack claimed by ransomware group Cl0p. The group exploited a vulnerability in MOVEit, a software product used for file transfers, to steal personal and sensitive data.

• Cyber Attack Type: Malware
• Affected Institutions: UCLA, University of Missouri, Stanford University’s School of Medicine, Rutgers University, University of Georgia, Yeshiva University
• Outcomes:
  • An unauthorized party accessed student and faculty names and contact information such as addresses, phone numbers, and email addresses
  • Staff salary and benefit information were exposed
  • Student and employee Social Security numbers and financial information were stolen, with some posted online
  • Affected institutions received ransom demands relating to the stolen data

While many institutions were directly hit due to their use of MOVEit, the effects of the breach broadened due to the number of higher education third-party vendors using the software. MOVEit, owned by Massachusetts-based Progress Software, is widely used to share sensitive information because the software is known to adhere to high levels of cybersecurity maturity.

In response to the malware attack, UCLA created a webpage to provide answers and address the needs of those impacted. They also worked with the FBI to conduct an investigation, engaged third-party security consultants to investigate the breach, and switched to a more secure file transfer software.

The success of this mass breach proves that even esteemed higher education institutions are vulnerable to cyberattacks. It also makes any college or university a viable and high-value target for cybercriminals, especially if they’re connected to the state and the government. Yet more importantly, it underscores the critical need to implement robust cybersecurity measures.

How to Avoid Falling Victim to Malware Attacks:

• Comply with UC cybersecurity standards, starting with completing the UC Cyber Security Awareness Fundamentals training at ucrlearning.ucr.edu
• Secure your systems by updating your software and operating systems when prompted
• Audit your software regularly 
• Carefully evaluate tools and solutions that have access to sensitive information
• Use strong and unique passwords with multi-factor authentication

UCR Information Technology Solutions provides campus units with best-in-class cybersecurity measures. Schedule a consultation with ITS today at sds@ucr.edu to learn how you can protect your organization from cyberattacks.