Two Pilsen schools have recently been the target of a hacker attack. Krizik grammar school could not access its account due to the incident, while the secondary school in Nerudova Street lost all the work of its pupils. The hackers demanded a high ransom for data recovery.
Sputnik: How vulnerable are the European educational Wi-Fi systems when it comes to hacker attacks? It is incredible really, isn’t it?
Pierluigi Paganini: In this specific case hackers gained access to a system, to a service that allows students to sign in to the Wi-Fi networks across Europe. Without further information it is not possible to establish the level of exposure of the networks.
Anyway, we have two possible scenarios: In the first one hackers have exploited that we are not vetting the authentication system. This is the worst case, because it is important to identify and fix the vulnerability as soon as possible.
In the second scenario, attackers simply used the credentials belonging to an authorized user that could log in to the network, using credentials that are the result of one of the numerous breaches that occurred in the past month.
Depending on the permission assigned to the specific hacked account, it is possible to perform a wide range of variation.
Sputnik: What measures can internet users actually implement to defend their systems against these types of attacks?
Pierluigi Paganini: First of all, keep your systems and software up to date. When it’s possible, I suggest implementing and adopting a two-way factor authentication system. In this way, even if the attackers are able to steal your credentials, it’s not possible for them to log in to the system without the second factor, for example, the code that is normally sent by a bank via SMS to mobile devices. With a specific focus on ransomware attacks, I can suggest you keep your backups up to date and always be suspicious when you receive an unsolicited email, so these are the typical attack vectors.
Sputnik: Just give us some advice and recommendation moving forward how we can best protect ourselves.
Pierluigi Paganini: First of all, every company must have a clear cybersecurity standard. This means that companies must have a clear idea of which are the attack vectors and which are the ways in which attackers exploit these attack vectors.
So this means that it is very important to have awareness for the employee and it’s very important to properly use any electronic device and any services, such as mobile services, [pub] computing and also internet of things devices. For each of these aspects, for each of these technologies, it is important that you use the best practices.
The views and opinions of Pierluigi Paganini are those of the speaker and do not necessarily reflect those of Sputnik.