High Schools Are Not Exempt From Attack

San Diego USD


By Charles Parker, II; Cybersecurity Lab Engineer


High schools are much like universities and colleges in that they hold a large amount of data that may easily be sold, which makes them more of a target. This, coupled with their budgetary constraints, makes InfoSec difficult at times, as it recently was for the San Diego USD.


Attack


This compromise is a bit different from most of the others. Reports indicate the school district is not sure of the attack vector; however, it believes this was the result of a relatively simple, yet effective, phishing attack. The attackers gained access by obtaining the authorized user’s credentials. In this case, the attackers gained and maintained their access for 11 months (January through November). This is odd. Seemingly, the school district’s SIEM would have noted the access at odd hours, the unusual number of accesses, the IP differing from those of the other general logins, and the amount of data being exfiltrated. This would be the case unless the school district did not have one in place during the attack. The school district finally became aware of this in October 2018.
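The four signals named above (access at odd hours, unusual access counts, an unfamiliar source IP, and outbound data volume) can each be checked against a per-account baseline. The following is an added example, not code from the article or the school district; the record layout, thresholds, function names and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records: (user, ISO time, source IP, bytes sent out); documentation-range IPs.
BASELINE = [
    ("staff01", "2018-01-08T08:15:00", "192.0.2.10", 40_000),
    ("staff01", "2018-01-09T09:02:00", "192.0.2.10", 55_000),
    ("staff01", "2018-01-10T14:40:00", "192.0.2.11", 38_000),
]
OBSERVED = [
    ("staff01", "2018-01-12T09:30:00", "192.0.2.10", 47_000),
    ("staff01", "2018-01-13T02:10:00", "203.0.113.77", 9_500_000),
    ("staff01", "2018-01-13T02:25:00", "203.0.113.77", 12_000_000),
    ("staff01", "2018-01-13T02:40:00", "203.0.113.77", 8_000_000),
]

def build_profile(events):
    """Learn each account's usual hours, source IPs, logins per day and egress volume."""
    prof = defaultdict(lambda: {"hours": set(), "ips": set(), "bytes": [], "days": Counter()})
    for user, ts, ip, sent in events:
        t, p = datetime.fromisoformat(ts), prof[user]
        p["hours"].add(t.hour)
        p["ips"].add(ip)
        p["bytes"].append(sent)
        p["days"][t.date()] += 1
    return prof

def detect(events, prof, volume_factor=10, count_factor=2):
    """Return (event, reasons) for each event that deviates from its account's profile."""
    per_day = Counter((u, datetime.fromisoformat(ts).date()) for u, ts, _, _ in events)
    alerts = []
    for user, ts, ip, sent in events:
        t, p, reasons = datetime.fromisoformat(ts), prof[user], []
        if not p["bytes"]:  # account has no history to compare against
            alerts.append(((user, ts, ip, sent), ["no_baseline"]))
            continue
        if not min(p["hours"]) <= t.hour <= max(p["hours"]):  # crude working-hours window
            reasons.append("odd_hour")
        if ip not in p["ips"]:
            reasons.append("new_source_ip")
        if per_day[(user, t.date())] > count_factor * max(p["days"].values()):
            reasons.append("login_count")
        if sent > volume_factor * median(p["bytes"]):
            reasons.append("egress_volume")
        if reasons:
            alerts.append(((user, ts, ip, sent), reasons))
    return alerts

ALERTS = detect(OBSERVED, build_profile(BASELINE))
```

In practice the baseline window, the thresholds and the working-hours model would be tuned per account type, since staff and student accounts behave differently.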


Data


Generally, data is the end goal for the attacker. With it, they are able to generate revenue through sales of the data, use it as leverage against the target, etc. Through the compromise, the attackers were able to exfiltrate a significant amount of data. This encompassed 10 years of data, from the 2008-2009 school year to 2019, when the attack was detected. Approximately 500k students and staff were affected. In addition to the length of time the breach was open and the number of years of data exfiltrated, there is also the ..
