Published May 18, 2023
The education department for the Swiss canton of Basel Stadt has reportedly been hit by a massive cyber attack on May 10th by the BianLian ransomware group, according to canton officials.
The cyber incident led to the exfiltration and exposure of mission-critical information of the department on a darknet extortion site.
Given the sensitive nature of the leaked data, this massive cyber attack on Basel Stadt’s education department has raised concerns while also shedding light on the increasing threat that ransomware poses to public institutions globally, reported The Swiss Times.
BianLian emerged in 2019 as a malware strain targeting Android devices and was first identified as a ransomware group in July 2022.
Since then, it has been held responsible for high-profile cyber attacks on organisations, such as Baer’s, IDEXX, Laderach, NewYorker, Meriton, Aarti Drugs Ltd, ISGEC Heavy Engineering, and St. Rose Hospital.
BianLian uses zero-day exploits and advanced persistent threat (APT) tactics to infiltrate a target system.
Once inside, the malware encrypts the target files, making them inaccessible to authorised users.
Recently, the hacking group has shifted away from encrypting target files when extorting victims. Instead, it now depends exclusively on threatening to leak the stolen data.
The spear-phishing attack against the Basel Stadt education department’s server occurred in January, when a staffer was reportedly tricked into clicking a malicious link sent in a fraudulent email, which allowed BianLian to access the department’s network and exfiltrate sensitive data.
According to sources with knowledge of this security incident, the hacking group leveraged the “living off the land” technique to move laterally within the target network and bypass the implemented security system.
A staggering 1.2TB of sensitive data was posted on the dark web when the ransom was not paid, the education department revealed.
According to BianLian, the exposed information includes sensitive data about the department’s financial records, accounting, and human resources, as well as the personal information of employees and students. For example, several high-ranking officials had their contact information exfiltrated and published on the BianLian dark web site.
This massive cyber incident has caused significant operational disruption across the department and put the affected individuals at risk of cyber crime such as identity theft and fraud.
The officials confirmed that the authority is investigating the extent of the cyber attack and determining which schools have been impacted.
Experts have urged the education department of Basel Stadt to invest in high-end security measures to lock out cyber criminals and avoid the serious repercussions of data breaches.
This isn’t the first time a Swiss public organisation has been hit hard by a cyber attack, and more are about to be infiltrated if proper measures aren’t taken in time, according to experts.
The University of Zurich and other public educational institutions were also struck by cyber attacks earlier this year.
With the cyber threat landscape evolving in sophistication and intricacy, organisations must invest in educating their employees on attack vectors, periodic audits of the systems, and other essential security protocols.
For organisations looking to help employees improve their cyber security behaviour and strengthen their cyber security posture, investing in a high-end security awareness training service like CultureAI is a sensible decision.
The Basel Stadt education department is working to restore its systems to normal operations.
The authority confirmed that it has filed a complaint against the cyber criminals with the Swiss public prosecutor’s office.