1. Threat Overview
A data extortion attack targeting Canvas, an education technology platform, has disrupted classes and coursework at US schools and universities. The attack, carried out by a cybercrime group, threatens to leak data from 275 million students and faculty. The attack vector is a ransom demand on the service's login page.
2. Key Intelligence Points
1. The attack uses a ransom demand on the Canvas login page, leveraging the platform's vulnerability to disrupt classes and coursework.
2. The attack affects nearly 9,000 educational institutions and 275 million students and faculty across the United States.
3. The attack chain involves defacement of the Canvas login page with a ransom demand, potentially leading to data leakage.
4. Detection opportunities include monitoring for suspicious login activity and unusual traffic patterns on the Canvas platform.
3. MITRE ATT&CK Techniques
T1059.003: Command and Control - Server Software: Web Shell
T1071.001: Application Access - Remote Desktop Protocol
4. Mitigation & Detection
Implement two-factor authentication and monitor login activity to prevent unauthorized access to the Canvas platform.