University’s Emergency System Hacked by Cybercriminals to Issue Threats towards Students and Faculty

  • Written by Ari Denial, Cybersecurity & Tech Writer

Hackers hijacked Bluefield University’s RamAlert emergency alerts system and threatened to leak admissions data unless the university paid a ransom. The hackers used the system to send messages to students and staff, urging them to pressure the university’s president to meet their demands.

The university’s investigation into the attack found no evidence of financial fraud or identity theft, and it assured faculty and students that it was safe to use its resources.

However, on May 1st, 2023, the Avos ransomware gang still had access to the university’s RamAlert system. The cybercriminals used the system to send out text messages and emails, threatening to leak personal data unless a ransom demand was paid. The university has not disclosed whether it paid the ransom or not. WVVA was the first to report the incident.

The Avoslocker ransomware gang sent alerts to students and staff at Bluefield University, claiming to have hacked the university network and extracted 1.2 TB of files. The group urged recipients not to believe the university’s claims downplaying the severity of the attack and shared links to its data leak site. It planned to leak the first sample on May 1st, 2023.

The Avoslocker ransomware gang used Bluefield University’s hijacked RamAlert system to deliver a final message threatening to publish all stolen data if the university did not pay the ransom. The group released some stolen data, including the President’s W-2 tax form and a document related to the university’s insurance policy. Bluefield University is still restoring its systems, and there is no evidence of student data abuse.

The university admitted that its emergency alerts system had been hacked and warned against responding to messages or clicking on links sent by the cybercriminals. Ransomware groups have resorted to various methods of double and triple extortion, including calling partners, emailing customers and competitors, and setting up data leak portals. Using an emergency alerts system for extortion appears to be a new tactic, highlighting the lengths ransomware actors will go to increase their leverage.

CISA Issues Warning on Critical Vulnerabilities Found in Illumina’s DNA Sequencing Devices

  • Written by Ari Denial, Cybersecurity & Tech Writer

An Industrial Control Systems (ICS) medical advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regarding a severe vulnerability affecting medical devices manufactured by Illumina.

In its warning, CISA cautioned that Illumina’s medical devices contain a severe vulnerability that could enable an unauthorized individual to remotely upload and execute code at the operating system level.

This could lead to unauthorized access to sensitive data and to manipulation of settings, configurations, and software. Illumina, a California-based medical technology firm that develops and produces advanced bioanalysis and DNA sequencing instruments, has its devices used for DNA sequencing in clinical, research, academic, biotech, and pharmaceutical settings across 140 countries.

The FDA has issued an advisory stating that Illumina has notified its affected customers to check their medical devices for any indication of exploitation of the recently discovered vulnerabilities.

One of the vulnerabilities (CVE-2023-1968) is deemed critical and could enable remote attackers to bind to exposed IP addresses, potentially leading to unauthorized access to network traffic and finding more vulnerable hosts within the network.

Additionally, some of these devices, which can operate in either clinical diagnostic mode or RUO (research use only) mode, are labeled “For Research Use Only. Not for use in diagnostic procedures.” Some labs may nevertheless use them for clinical diagnostic purposes, despite that intended research-only use.

Illumina has identified two vulnerabilities in its software. The first flaw allows modification of settings, sending of commands, and possibly unauthorized data access; the second permits UCS (Universal Copy Service) users to execute commands with elevated privileges.

Devices and software versions not listed in the advisory are unaffected by these vulnerabilities. Illumina has released a bulletin detailing the steps to take for each product and system configuration.

To address the vulnerabilities in Illumina’s medical devices, recommended actions include updating system software using product-specific installers, configuring UCS account credentials, and closing firewall ports.

Additionally, CISA advises users to minimize control system exposure to the internet, to use firewalls to isolate control systems from the wider network, and to employ VPNs for remote access.
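The critical flaw described above lets a service bind to exposed IP addresses rather than only to the local host, and the recommended mitigations are about limiting network exposure. A first check a defender can run on any Linux host is to list the TCP listeners and flag those bound to a wildcard address (0.0.0.0 or ::), since those are reachable from every interface the host has. The script below is an added example, not code from Illumina, CISA or the article; its sample input is constructed to resemble `ss -ltnp` output, and the port number and process names in it are placeholders, not the real UCS port or service names.

```python
"""Flag TCP listeners bound to every interface (wildcard binds).

Added example, not from Illumina, CISA or the article. The sample below is
constructed in the style of `ss -ltnp` on Linux; ports and process names are
placeholders.
"""
from __future__ import annotations

import re
import shutil
import subprocess
from dataclasses import dataclass

# Constructed sample of `ss -ltnp` output. Port 29000 and the process names
# are placeholders, not real values from the advisory.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   0.0.0.0:29000       0.0.0.0:*         users:(("placeholder-copy-svc",pid=1201,fd=5))
LISTEN 0      511    [::]:8443           [::]:*            users:(("web",pid=1500,fd=7))
LISTEN 0      128    [::1]:5432          [::]:*            users:(("postgres",pid=990,fd=6))
"""

# Addresses that mean "every interface" in ss/netstat output.
WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}

_PROC_RE = re.compile(r'\(\("([^"]+)"')


@dataclass(frozen=True)
class ListeningSocket:
    address: str
    port: int
    process: str

    @property
    def is_wildcard(self) -> bool:
        return self.address in WILDCARD_ADDRS


def _split_addr_port(field: str) -> tuple[str, int]:
    # "[::]:8443" -> ("::", 8443); "0.0.0.0:29000" -> ("0.0.0.0", 29000)
    addr, _, port = field.rpartition(":")
    if addr.startswith("[") and addr.endswith("]"):
        addr = addr[1:-1]
    return addr, int(port)


def parse_ss_output(text: str) -> list[ListeningSocket]:
    """Parse LISTEN rows of `ss -ltnp` output into ListeningSocket records."""
    sockets: list[ListeningSocket] = []
    for line in text.splitlines():
        if not line.startswith("LISTEN"):
            continue  # skip the header and any non-listening rows
        parts = line.split()
        addr, port = _split_addr_port(parts[3])  # "Local Address:Port" column
        match = _PROC_RE.search(line)
        sockets.append(ListeningSocket(addr, port, match.group(1) if match else "?"))
    return sockets


def wildcard_listeners(text: str) -> list[ListeningSocket]:
    """Return only the listeners reachable on every interface."""
    return [s for s in parse_ss_output(text) if s.is_wildcard]


def live_ss_output() -> str:
    """Run `ss -ltnp` if available, else fall back to the constructed sample."""
    if shutil.which("ss") is None:
        return SAMPLE_SS_OUTPUT
    result = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True, check=False)
    return result.stdout if result.returncode == 0 and result.stdout else SAMPLE_SS_OUTPUT


if __name__ == "__main__":
    for sock in wildcard_listeners(live_ss_output()):
        print(f"exposed on all interfaces: {sock.process} tcp/{sock.port} ({sock.address})")
```

On the constructed sample the report lists the placeholder copy service on tcp/29000 and the web listener on tcp/8443, while sshd (127.0.0.1) and postgres (::1) are left out because they only accept loopback connections. Each flagged listener is a candidate for rebinding to a specific address, fronting with a host firewall rule, or both, in line with the advisory's guidance to close ports and limit exposure.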