Cybersecurity News

In the past, cybercriminals often operated with the motive to "do it for lulz," engaging in malicious activities purely for the sake of amusement or creating chaos. Today, they’re driven by profit, transforming into rational business entities seeking scalable, repeatable processes for a steady income. This change in motivation has made predicting their behavior somewhat easier, as their actions are now grounded in strategic objectives rather than unpredictable whims.

In 2024, we expect the ransomware threat will continue taking an opportunistic turn—a trend that we first highlighted in 2022, gained momentum throughout 2023 (marked by multiple advisories, culminating in the ongoing CitrixBleed exploitation), and is projected to reach maturity this year.

Every so often someone needs to create a more or less permanent internal identifier in their system every person's account. Some of the time they look at how authentication systems like OIDC return email addresses among other data and decide that since pretty much everyone is giving them an email address, they'll use the email address as the account's permanent internal identification.

As the famous saying goes, now you have two problems.

On Dec. 29, 2023, Memorial University became aware of an issue with the information technology (IT) services at Grenfell Campus.

As soon as the issue was discovered, security protocols were put in place to isolate the impacted systems and an investigation was launched. Memorial can now confirm that the issue is the result of a cybersecurity incident and law enforcement has been notified.

IT services at the Marine Institute have been temporarily shut down as a precaution. There is no indication at this stage that IT services or data on other campuses are impacted.

Memorial is committed to protecting the information entrusted to it and maintaining operations for students, faculty and staff to the fullest extent possible. Memorial is actively working with cybersecurity experts to conduct a forensic investigation to determine the cause and scope of the issue. This investigation is in its early stages and will likely take some time to complete. Memorial will directly notify any individuals whose information may have been affected by this incident.

Memorial’s Emergency Operations Centre has been activated and a team of pan-university experts are working together to mitigate impacts on academic, research and administrative activities.

More information about any changes that impact faculty, staff or students at Grenfell Campus will be shared in advance of the start of the winter 2024 semester. Information will be posted on mun.ca as it becomes available.