The Penn State College of Engineering’s computer network has been temporarily disconnected from the Internet after it was targeted by two cyber-attacks, both described as advanced persistent threats, one of which was carried out by a threat actor based in China using advanced malware.
“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” Eric J. Barron, President of Penn State, wrote in a message on May 15.
“University leadership announced that our College of Engineering has been the target of two highly sophisticated cyberattacks. So, as a response, the college’s computer network has been disconnected from the Internet. Our experts expect the network to be back up and running in several days,” he
Penn State officials announced on May 15 that Mandiant, the cybersecurity forensic unit of FireEye, which was hired by the college, discovered the breach and confirmed that at least one of the two attacks on the college's systems was from China.
The college has now disabled the system so that it can be recovered securely.
“In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation,” said Nicholas P. Jones, Executive Vice-President and Provost at Penn State. “Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse.”
The college wrote that it has taken up plans to allow engineering faculty, staff and students to their and to upgrade affected computer hardware and fortify the network against future attack. The outage is expected to last for several days, and the effects of the recovery will largely be limited to the College of Engineering.
“I encourage all College of Engineering faculty, staff and students to visit http://SecurePennState.psu.edu/ for the latest information about steps they will need to take as the college recovers from the attack. This website also includes general information for all members of the Penn State community, including steps that all can take to safeguard their critical information, above and beyond the protections that already are in place,” Barron wrote.
According to the announcement, on 21 Nov, 2014 the FBI informed Penn State about a cyberattack of unknown origin and scope on the College of Engineering network by an outside entity.
Soon after, security experts from Penn State began working to identify the nature of the possible attack and to take appropriate action, including the enlistment of third-party experts, chiefly Mandiant.
An investigation was carried out across every computer network of the college.
Similarly, the University leadership reached out selectively to key administrators, academic leaders and IT professionals in the college. IT officials have also taken steps to preserve critical data.
“Penn State should be commended for acting quickly to address these breaches, immediately launching a comprehensive internal investigation into the FBI’s report and retaining leading third-party computer forensic experts to assist in the investigation,” said Nick Bennett, senior manager of Mandiant. “These types of advanced attacks are difficult to detect and often linked to international threat actors which are ‘the new normal.’”
According to the announcement, the researchers have yet to find any evidence to suggest that research data or any personal information, such as Social Security or credit card numbers, has been stolen.
However, they have evidence that a number of College of Engineering-issued usernames and passwords have been compromised.
To ensure the safety of College of Engineering faculty and staff at University Park and students at all Penn State campuses who recently have taken at least one engineering course, the college has asked them to choose new passwords for their Penn State access accounts.