UNIVERSITY PARK, Pa. -- After a thorough investigation, Penn State announced today (June 26) that several systems in the College of the Liberal Arts have been the target of two cyberattacks by unknown, targeted threat actors. The FireEye cybersecurity forensic unit Mandiant has been working closely with Penn State to investigate and respond to the attacks since they were discovered on May 4, 2015. The investigation has found no evidence that personally identifiable information (PII) or research data were compromised.
The attacks were detected as the result of enhanced cybersecurity measures enacted by the University in the wake of the May 2015 announcement of a cyberattack on Penn State’s College of Engineering. In the College of the Liberal Arts, investigators have found that in one case, attackers exploited a vulnerability and gained unauthorized access to the college network. As soon as the attacks were detected, experts from Mandiant and Penn State moved to rapidly protect susceptible systems and took steps to prevent the attackers from returning to the network. Analysis of the College of the Liberal Arts’ systems will continue as part of Penn State’s enhanced security efforts.
“Penn State takes very seriously the security of the sensitive data in its care and we are continuing to investigate the circumstances that ultimately allowed attackers to access the network in the College of the Liberal Arts. Over the last several months at Penn State, we have implemented advanced monitoring techniques designed to better detect these intrusions, and that is what happened in this case,” said Nicholas P. Jones, Penn State’s provost and executive vice president. “As we continue to see in the news, large organizations, including governments, corporations and universities, must do more to protect sensitive data from increasingly aggressive criminals. This is particularly challenging at a large public research university, where collaboration and cross-pollination of ideas and information is at the very core of our academic mission. However, this is a challenge we must face directly and with determination.”
Mandiant’s investigation did not reveal evidence that any PII or research data were accessed or stolen by attackers. However, investigators do have direct evidence that a number of College of the Liberal Arts-issued usernames and passwords were compromised. As a result, faculty and staff in the college are required to choose new passwords for their college-issued access accounts (there will be no password resets for their University-wide access accounts). Affected faculty and staff can learn more about the steps they need to take at http://SecurePennState.psu.edu/.
Activity by attackers against the College of the Liberal Arts was first detected by Mandiant on May 4 as a result of more aggressive network security measures and evaluations put in place by Penn State. As immediate measures were taken to protect the network and expel the attackers, investigators began to understand the full scope of the attack and formulate a plan of action. The investigation revealed that the earliest sign of intrusion dates back to March 4, 2014.
As IT professionals work to repair and upgrade the college’s systems and network, Liberal Arts faculty, staff and students may experience minor disruptions in college connectivity, services and resources. The college expects to return to full operation by tomorrow (June 27).
On an average day last year, Penn State alone repelled more than 22 million overtly hostile cyberattacks. However, in light of increasingly hostile and coordinated threats against large organizations around the world, Penn State has launched a comprehensive review of all related IT security practices and procedures. This review is part of a wider effort to protect University employees and sensitive data from attack.
University administrators also have accelerated plans to implement an enhanced login protocol known as two-factor authentication. The College of the Liberal Arts will immediately join the College of Engineering and administrative areas that have access to core University infrastructure or mission-critical online services as early adopters of two-factor login. This security feature will be rolled out University-wide in the coming months.