The U.S. Department of Education said this week that hackers have broken into the systems of 62 colleges and universities by exploiting a vulnerability in a web-based ERP application.
The vulnerable application is Ellucian Banner Web Tailor, the Ellucian Banner ERP module that lets universities customize their web-facing applications. The vulnerability also affects Ellucian Banner Enterprise Identity Services, a module for managing user accounts.
Earlier this year, security researcher Joshua Mulliken identified a vulnerability in the authentication mechanism used by both modules that allows remote attackers to hijack victims' web sessions and gain access to their accounts.
But in a security alert published on Wednesday, the Education Department says that hackers are now exploiting this vulnerability in the wild.
VULNERABILITY EXPLOITED IN THE WILD
“The Department has identified 62 universities or colleges that have had this vulnerability exploited,” officials said.
“We have also recently received information that indicates criminal elements have been actively scanning the internet looking for institutions to victimize through this vulnerability and developing lists of institutions for targeting with this exploitation.”
The Education Department said that victims have reported attackers creating thousands of fake accounts over several days, with roughly 600 accounts created in a single 24-hour period, in the admissions or enrollment section of the affected Banner system after it was compromised.
FAKE ACCOUNTS USED FOR "CRIMINAL ACTIVITY"
Officials said the accounts were used "almost at once for criminal activities," but did not provide any details as to the nature of that activity.
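The account-creation pattern described above (hundreds of new accounts per day, used almost immediately) is something a defender can look for in their own audit logs. The following is an added example, not from the article and not Ellucian's code: it scans a constructed audit log in an assumed format (timestamp, event, username, source IP), flags any one-hour window with ten or more account creations, and lists accounts that logged in within ten minutes of being created. The log format, the event names and the thresholds are assumptions to be adapted to the real system.

```python
"""Burst and fast-use detection over constructed account-creation audit logs."""
from datetime import datetime, timedelta, timezone

# Assumed log format (not Banner's real format): "<ISO8601 ts> <EVENT> <user> <src_ip>"
# Events used: ACCOUNT_CREATED, LOGIN
BURST_WINDOW = timedelta(hours=1)   # hypothetical tuning values
BURST_THRESHOLD = 10                # creations per window that count as a burst
FAST_USE = timedelta(minutes=10)    # creation-to-first-login gap treated as "almost at once"


def build_sample_log() -> str:
    """Constructed sample: 12 accounts created in 5 minutes from two IPs, nine of them
    logging in within two minutes, plus two ordinary sign-ups hours apart. Not real data."""
    base = datetime(2019, 7, 15, 2, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(12):
        ts = base + timedelta(seconds=25 * i)
        ip = "203.0.113.10" if i % 2 == 0 else "198.51.100.7"
        lines.append(f"{ts.isoformat()} ACCOUNT_CREATED app{i:04d} {ip}")
        if i < 9:
            login = ts + timedelta(seconds=90)
            lines.append(f"{login.isoformat()} LOGIN app{i:04d} {ip}")
    for hour, name in ((9, "jdoe"), (16, "asmith")):
        ts = base.replace(hour=hour)
        lines.append(f"{ts.isoformat()} ACCOUNT_CREATED {name} 192.0.2.44")
        lines.append(f"{(ts + timedelta(days=1)).isoformat()} LOGIN {name} 192.0.2.44")
    return "\n".join(sorted(lines))


def parse(log: str):
    """Parse log lines into (timestamp, event, user, ip) tuples sorted by time."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, event, user, ip = line.split()
        events.append((datetime.fromisoformat(ts), event, user, ip))
    events.sort(key=lambda e: e[0])
    return events


def creation_bursts(events, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
    """Sliding window over ACCOUNT_CREATED timestamps. Returns one dict per contiguous
    run of windows holding at least `threshold` creations, with peak count and source IPs."""
    creations = [(ts, ip) for ts, ev, _, ip in events if ev == "ACCOUNT_CREATED"]
    bursts, start, current = [], 0, None
    for end, (ts, ip) in enumerate(creations):
        while ts - creations[start][0] > window:
            start += 1
        count = end - start + 1
        if count >= threshold:
            if current is None:
                current = {"start": creations[start][0], "end": ts, "count": 0, "ips": set()}
            current["end"] = ts
            current["count"] = max(current["count"], count)
            current["ips"].update(i for _, i in creations[start:end + 1])
        elif current is not None:
            bursts.append(current)
            current = None
    if current is not None:
        bursts.append(current)
    return bursts


def fast_used_accounts(events, max_gap=FAST_USE):
    """Accounts whose first LOGIN follows their ACCOUNT_CREATED within max_gap."""
    created, first_login = {}, {}
    for ts, ev, user, _ in events:
        if ev == "ACCOUNT_CREATED":
            created.setdefault(user, ts)
        elif ev == "LOGIN":
            first_login.setdefault(user, ts)
    return sorted(u for u, t in created.items()
                  if u in first_login and first_login[u] - t <= max_gap)


def report(log: str) -> dict:
    events = parse(log)
    return {
        "bursts": [(b["start"], b["end"], b["count"], sorted(b["ips"]))
                   for b in creation_bursts(events)],
        "fast_used": fast_used_accounts(events),
    }


if __name__ == "__main__":
    for key, value in report(build_sample_log()).items():
        print(key, value)
```

On the constructed sample this reports a single burst of 12 creations from two source IPs and nine accounts used within minutes of creation, while the two ordinary sign-ups are left alone. On a real deployment the thresholds should be set from a baseline of normal admissions traffic, and a burst should be correlated with source IPs and with the login activity of the new accounts before treating it as compromise.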
Department officials expressed concern that the hackers may gain access to student financial aid data through the Ellucian Banner Web Tailor system, which is linked to the rest of the ERP.
Officials are urging universities and colleges to apply the patched versions of the ERP modules.
Ellucian also issued a second security alert this week, following a first one sent in May. The company disputes, however, that the creation of the fake accounts is connected to the ERP flaw and the recent attacks.
“Attackers are utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals,” Ellucian added. “Ellucian recommends adding reCAPTCHA capabilities to the admission process to reduce the likelihood of experiencing fraudulent applications for admissions, even if institutions are not currently experiencing this issue.”
Ellucian describes the fraudulent-application problem as a separate issue, not linked to the earlier patched Ellucian Banner vulnerability.