Threat Actors Leverage Vulnerability to Access Student Information and Create Fake Accounts

The US Department of Education (DOE) has issued an announcement regarding ongoing exploitation of a previously identified vulnerability in the Ellucian Banner (Banner) system, which could allow attackers to steal a victim's session. Threat actors leveraged this vulnerability to access admissions and enrollment data of approximately 62 colleges and universities. Then, they created over 1,400 fake accounts to conduct cybercrime. According to the alert, the attack may have also targeted the schools' financial aid departments and could disrupt the administration of financial aid at the affected schools. The DOE also stated that it has received information indicating that criminal elements are actively scanning the internet and developing lists of vulnerable institutions to victimize. The NJCCIC recommends that educational institutions using Ellucian Banner review the NIST advisory for affected versions and contact Ellucian and the DOE for patch or update information.