Indiana Department of Education (IDOE) website has been pulled down following an attempted hack by Nigeria cyber army- a notorious group of cybercriminals who’ve been raking havoc on US cyberspace. The group exploited a known vulnerability in widely used Drupal content management software to compromise the site. “This morning (Monday), the Indiana Department of Education’s website was hacked due to an apparent Drupal vulnerability,” reported IDOE.
Web users who tried to access the DOE website were directed to a message saying the site had been hacked by the Nigeria cyber army. IDOE spokesman Daniel Altman said the Agency was working on a fix but it was unclear when the site would be fully operational. “There’s a patch that we’re putting into place to fix it, but that obviously takes time,” Altman said.
Although there was no evidence of any stolen data in the Monday morning incident, the website was inaccessible throughout the day. “However, there is no sign that any data hosted on the website was compromised. The Department’s Information Technology staff has taken the website down temporarily while this issue is addressed. It is currently anticipated that the website will be down at least through the rest of the day,” read IDOE statement.
In the meantime, IDOE provided an interim page with links to important DOE resources at www.doe.in.gov including the Compass database of school and corporation reports and the department’s social media accounts.
Earlier last week, Drupal issued a ‘shocking’ statement warning its customers of a vulnerability in its software that allowed hackers to take full control of compromised sites. According to the security advisory, all Drupal customers who did not apply the patch after 7 hours of discovery of the bug “should proceed with the assumption” that their websites were compromised.
The bug in version 7 of Drupal software, is estimated to have affected over 5.1% of websites using Drupal to manage their web content. That implies over 12 million websites not patched on time were exposed to possible attacks.
Interestingly, hackers took advantage of the limited fixing time to ‘patch’ systems of unsuspecting victims, a ploy used to give them privileged access to compromised sites. “If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised — some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site,” the advisory adds.
Top/Featured image: By Ali Qamar / Security Gladiators