CISO Corner

Vice Society – A Threat to the Education Sector

Vice Society is a ransomware-as-a-service (RaaS) group that was established in 2021. They are believed to be a Russian-based intrusion, exfiltration and extortion group that primarily targets the education sector. This includes K-12 schools, colleges, and universities. Like other ransomware attacks, Vice Society is known to steal information from the institution, and then proceed to encrypt the data. This is done in that order, so they can double extort the victim by:

  • Demanding payment to unencrypt the data.
  • Demanding a second payment or the stolen data will be published on the dark web.

In 2022, Vice Society performed more than four times the attacks than the following group (Lockbit 3.0) coming to a total of 47 attacks they’re responsible for in the education sector.

Vice Society has no intentions of slowing down their attacks, so far this year they have already published the data of six schools on the dark web.

Attack Technique

Vice Society uses a technique called Living Off The Land (LOTL), these types of attacks utilise legitimate tools for malicious purposes. This allows them to carry out their attacks without being detected.

This group in particular uses one such tool known as Windows Management Instrumentation (WMI), this allows the group to manage and monitor Hardware and Software remotely, install malware and steal/encrypt valuable data.

What to Watch Out For

Vice Society are known to use very common tools to initiate their attack on an organisation, these include:

  • Phishing – A technique for attempting to acquire sensitive data, such as login details, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
  • Compromised Accounts – An account with login details known by one or more unauthorised individuals, generally due to a successful phishing attack.
  • Exploits – The method of exploiting a vulnerability that is found usually on an out-of-date operating system, application, or website.

It is clear that Vice Society is a threat to the education sector and that organisations should be aware of their tactics and take the necessary precautions. As always, please be vigilant and hesitant of anything that you find to be suspicious and report it to IT Support.

If you have any questions or concerns, please feel free to contact our IT Support team on +61 (2) 6773 5000, servicedesk@une.edu.au.

 

Sources:

Malwarebytes – Vice Society

Submit a Comment

Your email address will not be published. Required fields are marked *