  • 1.  Cyber Risk Summary for Education Facilities

    Posted 07-22-2021 09:21 AM
    This came from the "New Jersey Cybersecurity & Communications Integration Cell" and I thought it would be helpful.

    Cyber Risk Summary for Education Facilities
    TLP: AMBER
    July 14, 2021

    NJCCIC Education Sector Members,

    On July 14, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released the attached summary outlining findings and a related factsheet from its Cyber Hygiene (CyHy) Vulnerability Scanning and Cybersecurity Assessments services. Identified trends are based on information collected in the calendar year 2020.

    • Education Subsector entities are likely vulnerable to threat actors who seek to exploit known critical and high vulnerabilities. These entities remediated critical severity vulnerabilities in 242.7 median days and high severity vulnerabilities in 215.3 median days, which likely indicates an extensive window of exposure to potential threat actor exploitation on internet-facing networks;

    • 60% of Education Subsector entities scanned via CyHy VS exposed risky services on internet-accessible hosts, which can provide initial access and communication channels for command and control and data exfiltration, via exposed services like Remote Desktop Protocol (RDP);

    • 53.3% of entities ran unsupported Windows operating systems (OSs) on at least one internet-accessible host at the end of Q4 of 2020, which further exposes entities to vulnerabilities that may enable compromise due to no longer receiving security updates.

    In addition to identifying vulnerabilities, the report provides a number of recommendations to reduce risks, including:

    • Prioritize remediation of vulnerabilities using a risk-based approach that considers the likelihood of an attack, ease of exploitation, and the magnitude of probable impact.

    • Securely configure internet-accessible ports and services on systems and devices by implementing strong identity and access management controls, including strong passwords, multifactor authentication (MFA), and the principle of least privilege; and

    • Update legacy software and OSs to supported versions in a timely manner and within organizational constraints.

    Education sector entities are encouraged to use the findings and recommended mitigations in the attached report to review their cybersecurity posture and capabilities, conduct further investigations, and prioritize actions to mitigate vulnerabilities and guard against threats. Threat actors are motivated to leverage the weaknesses identified in the attached report to disrupt national critical functions and target education sector entities for financial or politically motivated reasons.

    Reporting

    The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.

    Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions. Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.

    The information contained in this product is marked Traffic Light Protocol (TLP): AMBER, which means limited disclosure. DO NOT post this information on publicly accessible websites. No portion of this product should be released to the media. Recipients may only share TLP: AMBER information with members of their own organization, and with U.S.-based clients or customers who need to know the information to protect themselves or prevent further harm.

    #CybersafetyandDataSecurity

    ------------------------------
    William Stites
    Director of Technology
    Montclair Kimberley Academy
    ------------------------------


  • 2.  RE: Cyber Risk Summary for Education Facilities

    Posted 07-23-2021 02:21 PM
    Turn on automatic Windows Updates on your servers and don't run out-of-date versions and you fix a huge chunk of these. However, right now there are two bad unpatched zero days on Windows. Hopefully those ports aren't exposed to the Internet though.

    ------------------------------
    Brian Hoyt
    French American School of Puget Sound
    ------------------------------