Today, Penn State announced that systems within the College of Liberal Arts were the target of cyberattacks by sophisticated threat actors. The attacks were discovered as a result of enhanced security measures in place after the discovery of the previously announced cyberattacks on the College of Engineering.
Security Operations & Services (SOS) staff worked in conjunction with FireEye’s cybersecurity forensic unit, Mandiant, to determine the scope of the attack and respond to it once signs of the intrusion were found in early May. It was determined that research data and personally-identifiable information (PII) were not compromised by the attack, but attackers were able to gain unauthorized elevated privileges to the College’s network after exploiting a vulnerability. Consequently, faculty and staff in Liberal Arts were required to set new passwords for their College-issued accounts.
This attack again makes clear the constant threat that exists in today’s computing environment. Nick Jones, Penn State’s provost and executive vice president, addressed this issue, saying, “As we continue to see in the news, large organizations, including governments, corporations and universities, must do more to protect sensitive data from increasingly aggressive criminals. This is particularly challenging at a large public research university, where collaboration and cross-pollination of ideas and information is at the very core of our academic mission. However, this is a challenge we must face directly and with determination.”
Faculty and staff in the College of Liberal arts are encouraged to visit the Secure Penn State website for more information on how these attacks affect your College IT accounts and the new security protocols that will be implemented. And all Penn Staters can regularly check the SOS website for any updates and information on this attack and other security information of interest to the Penn State community.