Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Higher education has been the goal of ransomware criminals and data extortion. But never before, perhaps, has a cyberattack against a single program disrupted the daily operations of thousands of schools in the United States.
Widely used digital learning platform Canvas was put into “maintenance mode” on Thursday after its developer, education technology giant Instructure, suffered a data breach and faced cyber threats using the notorious moniker. “ShinyHunters.” Although hackers have been announcing the breach and attempting to pay ransom from Instructure since May 1, things quickly reached the general public in the US and beyond on Thursday as the Canvas downtime caused chaos in schools, including those in the middle of finals and end-of-year work.
Universities like Harvard, Columbia, Rutgers, and Georgetown sent out warnings to students about the current situation; other agencies, including school districts in at least a dozen states, appear to be affected. In a list published by the hackers who hacked their blackmail-focused website, the breach affected more than 8,800 schools. The exact size and reach of the breach is unknown, however. And the fact that Canvas went down on Thursday afternoon and evening messed up the picture.
In a fast situation update log that began on May 1, Steve Proud, chief security officer at Instructure, said the company “recently experienced a cyber security breach by a third-party threat actor.” He added on May 2 that “sensitive information” about “users at affected institutions” includes names, email addresses, student ID numbers, and messages exchanged by users on the platform.
The content was marked as “Resolved” on Wednesday, Proud wrote that “Canvas is fully functional, and we do not see any illegal activities taking place.” At noon on Thursday, however, Instruction social media page registered an “issue” where “some users are experiencing difficulties accessing Student ePortfolios.” In just a few hours, the company added another update: “Instructions put Canvas, Canvas Beta and Canvas Test in development.” Late Thursday evening, the company said Canvas was once again available “to more users.”
Results TechCrunch report Thursday that the hackers launched a second attack, infecting other Canvas schools by injecting an HTML file to display their message on the Canvas schools’ login page. According to Harvard CrimsonThe attackers modified the Harvard Canvas login page to display a message that contained a list of schools the hackers claimed were affected by the breach.
A message from the attackers “encouraged schools on the affected list to consult with a cyber consulting firm and contact the group privately to discuss a solution before the May 12 deadline — or risk their data,” The Crimson reported. “It is not clear what information associated with Harvard institutions was included in the alleged breach.”
Counsel did not immediately respond to a request for comment on Thursday’s termination and how it fits into the bigger picture of the breach. But it’s important because the amount of student data has been exposed, and the exposure of what’s happening across the country makes it a prime example of the long-standing, but growing problem of data theft and ransomware attacks.
The name ShinyHunters is associated with massive data loss and is associated with a well-known group known as hackers. and Com. But as the group of actors has changed over the years, many attackers have taken the most prominent ones associated with Com. Several recent attacks have mentioned other names, as Lapsus $with little or no connection to the original group operating under this name.
