17 September 2020 Mark Jones @MJ_TechHQ . Data stolen from universities could be used in a number of ways - such as to commit fraud, or steal IP - and with such a variety of possible options available for hackers to get their payout, it’s unsurprising that they are focusing their efforts here. Smart Devices: Using Them Safely in Your Home, [1] https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities, Your email address will not be published. Which hacking methods are most affecting universities? Cyber criminals also target universities to commit fraud and monetise any stolen material through sale or ransom. Higher education institutions are, unfortunately, no exception. Universities across the globe continue to be struck by a spate of cyberattacks despite high profile data breaches making headlines. Cyber attacks on higher education institutions are on the rise across the globe, with multiple, unconnected attacks hitting the headlines in the last couple of weeks. The University of Vermont Medical Center is continuing to recover from the cyber attack late last month that crippled access to electronic records at the Burlington hospital. Alert issued to universities about spike in cyber attacks Sky News 03:42. In addition to personal information, universities also hold confidential research data which can be valuable to cyber criminals and state-sponsored actors. In May of 2020, the cloud computing provider Blackbaud … De Montfort University. Recently, students and staff at Justus Liebig University (JLU) Giessen in Germany were asked to queue in person for a new email password after their university was subjected to a cyberattack. The first deal of cyber criminals in Higher Education was an attack on Yale’s system in 2002 by hackers from Princeton University. Required fields are marked *. September 4, 2020. The Denver Post reported new details about the cyberattack Tuesday morning, confirming for the first time the Denver campus’s computer networks were struck by ransomware, leading school … Looking beyond just financial gain, there are a number of other reasons why cyber attacks are hitting education institutions more frequently. According to the National Cyber Security Centre (NCSC) [1], it is almost certain state-sponsored actors are looking to steal data and information for strategic advantage from universities. Higher Education cyber attacks initiated The first deal of cyber criminals in Higher Education was an attack on Yale’s system in 2002 by hackers from Princeton University. This Ransomware effecting education can be stopped by implementing cyber security in public schools & prevent hackers from targetting nation’s schools. Carsten Maple, director of cyber security research at Warwick University, said universities need to improve their defences urgently. Additionally, Universities provide very high bandwidth internet access in order to support all of their students, making them a potential target for cyber-criminals who want to use the connectivity in disruption attacks against others. British universities and colleges have been warned about a spike in ransomware attacks targeting the education sector by the UK’s National Cyber Security Centre (NCSC), a part of GCHQ. Getty Images The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million (£925,000) to the criminals behind a cyber-attack on its School of … Recent cyber attacks Recent cyber attacks prove that even the most sophisticated computer systems—like those of major banks, the government, and top retailers—are not impenetrable. The alert follows a speight of ransomware attacks on … This attack was conducted by the group identified as APT34, an Iranian-nexus threat actor. Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), has clearly stated that cyber security is one of the major business risks to organisations, not least because cyber crime … The school says "vulnerabilities" uncovered in the attack … Luke Irwin 28th July 2020. It only takes one individual to click on a malicious link for attackers to infiltrate university databases in order to get their desired outcome - whatever this may be. For one, universities cannot enforce security controls on the equipment brought onsite by students, meaning there are thousands of potential entry points for hackers to make the most of. It’s time academic institutions acknowledge the risk they are under. One institution said it had faced between 1,000 and 10,000 cyber attacks in the past year, with most traced to Russia, China and other parts of the Far East. Its operators claimed to have stolen files both from Columbia College in Chicago and the University … British universities and colleges have been warned about a spike in ransomware attacks targeting the education sector by the UK’s National Cyber Security Centre (NCSC), a part of GCHQ. Cyber criminals are increasingly targeting universities with ransomware attacks and academic institutions are being urged to make sure their networks are resilient enough to protect against them. This is where Geopolitical objectives might come into play. Universities have to consider a very complex and serious threat landscape. The UK’s cybersecurity agency NCSC has issued a warning to universities over the likelihood of cyberattacks as a new term starts. We all have a shared responsibility to exercise caution while carrying out work, basic precautions such as not clicking links from unidentified sources or reporting suspicious emails all help maintain our security. Universities across the UK and North America confirm cyber attack. Here are some ways universities can upgrade their defenses: 2014-2016 Hackers became smarter, Higher Education cyber attacks are more specific. While Cambridge, and its students, might not be taking a direct financial hit in the case of this attack, its reputation might be. Prabakar can discuss what security vulnerabilities within the U.S. network allowed this to happen and what can be done to prevent future attacks. A target of the … Colleges and Universities are Prime Cyber Attack Targets Cutting edge research has made Higher Education a prime target. Higher Education cyber attacks initiated. The National Cyber Security Centre (NCSC) issued the alert following a recent spike in ransomware attacks on educational institutions blocking access to computer systems. A cyber attack at Newcastle University has turned out to be a ransomware infection courtesy of the Doppelpaymer gang. However, with their data rich environments, and the line between financially motivated attacks and state-sponsored attacks becoming more and more blurred, changes must be made. The education sector can't catch a break, as the NCSC warns of "reprehensible" cyber attacks in the wake of a ransomware speight. Student data has been stolen in a “sophisticated and malicious” cyber-attack on a university. “Currently, cyber attacks on African universities are not regarded as serious issues and are bundled up as simple information technology-based problems, which is false. University servers blocked 6,804 messages in total due to suspicion of malware and prevented 16,452 phishing attacks from reaching their targets. For example, often when an account is compromised, attackers use email to penetrate university systems further. This was closely followed by a sophisticated cyber attack on Lancaster University. A new report shows personal files held by local councils, universities and government departments are alarmingly vulnerable to foreign cyber attack. And the inevitable headlines bring with them … The day-to-day cyber threats facing universities include malicious software (malware), phishing, infrastructure attacks, social networking targeting, and peer-to-peer (P2P) information leakage. Alert issued to UK universities and colleges about spike in cyber attacks Original 106 Aberdeen 03:46. Known vulnerabilities should be patched quickly, and comprehensive malware prevention must be implemented. The institutions the BBC has confirmed have been affected are: University of Birmingham. Breaches exposed data amounting to several hundreds of records and methods became more sophisticated and aggressive. The continued rise of ransomware is one way that universities are falling victim to hackers, particularly in more opportunistic attacks. As a result, many universities in the UK, US and Canada lost data on existing students, alumni and donors. In this case, the campaign took place over LinkedIn, which has proven to be an effective delivery mechanism if a targeted organization is focusing heavily on e-mail defenses to prevent intrusions. “Almost 100% of cyber attacks require human interaction to be successful, and that same human interaction can also bring about failure. So, why are education institutions increasingly becoming a target? Universities should ensure that all staff and students … https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities, University of Stirling Library & IT on facebook, Personal information on staff and students, Technical resources such as documentation and standards, Sensitive research and intellectual property. University College London, one of the world's leading universities, has been hit by a major cyber-attack. There are multiple reasons for this. According to the BBC, the attack … Government cyber security experts have told schools, colleges and universities to be on alert following a reported rise in cyber-attacks. University students have been unable to submit work, after the publicly funded academic computer network known as Janet came under cyber-attack. Oxford … The kinds of data and information of interest to a cyber criminal or state-sponsored actor may be: The use of this data varies but will all serve the interests of a cyber criminal. The health network confirmed Tuesday that it was ransomware, a type of virus that usually involves a request for money, which caused the attack. In the last 7 days. Why Are More People Not Automating Certificate Management? The United Kingdom’s cyber-security agency has warned that the universities and colleges are a huge target for cyber terrorism and espionage. Oxford, Warwick, and Greenwich Universities are among many of the higher education institutes to have fallen victim to attacks in recent years, with hackers attempting to steal research data and documents. Clearly, universities and other higher education institutions must accept that they have become a target for hackers, and take thorough measures to protect themselves, their staff, and their students. Cyber Attacks on Schools where Schools hit by Ransomware . Cyber attacks are one of the biggest threats to schools and universities in the long term; this was the conclusion after a detailed assessment and analysis by the National Cyber Security Centre (NCSC). mark@hybrid.co . Therefore, it is essential that staff and students alike are trained on recognizing when an email is in genuine, and best practice to follow, such as not clicking embedded links. The University of Utah says nearly $500,000 it paid to cyber thieves in a ransomware attack did not come out of tuition, grants or taxpayer funded accounts. Joint Information Systems Committee (JISC) which conducted the survey by examining around 850 attacks in 2017-18 concluded that most of the incidents were conducted by either staff […] By communicating with other universities about the threats you face, you can help each other prepare for attacks. Among them, the following ones can be mentioned. UK colleges and universities are suffering from unprecedented ransomware attacks, as students return to campuses. Email: prabakar@cis.fiu.edu Phone: 305-348-2033 Selcuk Uluagac Associate Professor Electrical and Computer Engineering Uluagac is a cybersecurity professor who currently leads the Cyber … It found that 83% had experienced at least one cybersecurity incident, even though 98% of the schools had antivirus solutions and 99% had some sort of firewall protection. Universities should ensure that all staff and students are aware of basic security hygiene and the mechanics of common threats. Although many universities are buying bitcoins and cyber insurance to pay cybercriminals in case of a ransomware attack. To reduce the likelihood of these - or any - attacks being successful, good cybersecurity hygiene is required. BURLINGTON — The University of Vermont (UVM) Health Network continues to make strides in its recovery after the Oct. 28 cyber attack that impacted its information and technology infrastructure. Although phishing is a relatively basic hacking method, it continues to be very successful, due to its reliance on manipulating people’s trust. Crucially, universities have extensive databases on thousands of students and staff, which include rich assets that are attractive to cyber attackers - such as personal, financial, and R&D data. The cyber crime group behind the attack … Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. However, phishing is still the primary way that cyberattacks are carried out. Combined with the fact that the security of universities may be seen by an attacker to not be especially advanced, this makes them an attractive hit. Universities and colleges are being warned by the UK's cyber-security agency that rising numbers of cyber-attacks are threatening to disrupt the start of term. Higher education institutions face unique threats in their data security. While Blackbaud managed to minimise the damage to its systems, the cyber criminals behind the attack managed to steal a subset of data. Newcastle University were one of the recent victims of a ransomware attack, which impacted services across the whole university. This data included phone numbers, donation history and event attendance. Although cyber attacks are more prevalent now at universities and overall, some types of attacks are not new. Hackers have posted a small sample of files from the gang on a … Often universities hold sensitive personal information on thousands of staff and students, making them prime targets for attack. Hackers likely view schools “as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the advisory states. To really defend against cyberattacks, universities need to be putting more basic measures in place. Firstly, students at Lancaster University fell victim to a phishing attack, with fraudulent invoices sent to a number of students who had applied to join the university. Records and ID documents of some Lancaster University students were accessed in the … Universities and colleges are being warned of a rising number of cyber attacks that could threaten the start of term. NetWalker continued its attacks against higher education when two more colleges were revealed in June to have been victims of the ransomware. A week later, students at the University of York were also breached, with the data of 4,400 students accessed. On the dark web today, ransomware kits are available for purchase relatively cheaply, meaning anyone could attempt an attack on an institution, whether that be for hope of a payout, or a personal vendetta. This was not the first serious cyber security problem for the university, which has repeatedly proven to be vulnerable to cyber attacks. A target of the espionage was information on the admission decisions. Earlier today . Vital in contributing to the economy, skills and innovation; universities handle large amounts of personal and research data, intellectual property and other assets, all of which has significant value to others. At the University of Connecticut, student … Nor should creating backups of all databases. This week the National Cyber Security Centre issued its latest alert warning of the threat to disruptive attacks aimed at the education sector, following a spate of attacks on schools, colleges, and universities.. This timeline records significant cyber incidents since 2006. September 4, 2020. rorym Digital Security, Information Security, StirCyberSec, StirCyberSec, Uncategorized. Your email address will not be published. Universities have received an alert about an increase in cyber attacks Why you can trust Sky News British universities and colleges have been warned about a spike in ransomware attacks … The University of Stirling employs various methods to detect suspicious activity across our systems; however, our first line of defence is good cyber security awareness among staff and students. A research conducted by a government-funded agency has discovered that students are more responsible for cyber attacks on Universities and Colleges than hacking groups doing the organized crime. With students logging into the system from cell phones, the least secure form of access , and computers using a variety of operating systems, keeping the software on all these options updated is impossible. University of York. Newcastle University is being held to ransom by cyber criminals in an attack which has been disrupting IT systems since the beginning of the month. 5. Cyber attacks on universities also occur frequently not because the systems lack protections, but because they are so large and complex that implementing those protections becomes difficult. The targeted employee conversed with ‘Rebecca Watts’, allegedly employed as ‘Research Staff at the University of Cambridge’, who shared a malicious file disguised as a resume form for potential job opportunities - which then transferred malware, which the group are known to use. All stories University networks could face their biggest threat to cybersecurity as a new term starts. Cyber attacks threaten universities restarting in the UK . The National Cyber Security Centre (NCSC) recently published a report compiling cybersecurity-related findings from 430 schools across the UK. Colleges and Universities are Prime Cyber Attack Targets Cutting edge research has made Higher Education a prime target. Meanwhile, Dutch healthcare institutions are already setting up their own security operations centre. And the inevitable headlines bring with them potential for reputational damage, too. Academia has faced fresh warnings of cyber-attacks after a rise was recorded in August when students returned. “A lot of … For one, cutting edge research takes place in universities, and the theft, manipulation, or destruction of such data is potentially another motivation for hackers. A software supplier used by some of the UK’s biggest universities has confirmed that it suffered a cyber attack in May. Hackers specifically target universities for the sensitive information stored in their systems. The line between financially motivated attacks and state-sponsored attacks is often a very thin one, and sometimes attacks have dual objectives. Universities and colleges warned that spike in cyber attacks could disrupt start of academic year for students By Ethan Shone Thursday, 17th September 2020, 10:59 am Hackers have posted a small sample of files from the gang on a leaks website, a tactic increasingly used by ransomware criminals to pressure victims into paying up. Higher education may not seem like an obvious target for cyber attackers - quite different from the critical national infrastructure or financial institutes that we are used to hearing about, and where hackers’ motivations are more clear cut. University of Exeter. Are public schools prepared for cyber attacks ? Cyber attacks Fraud S tudents are at risk of being conned by loan scammers, a report has warned as it says that universities are failing to protect themselves from cyber-attacks. SolarWinds Hackers "Impacting" State and Local Governments. In this sphere it has also been observed that nation-state backed hacking groups are utilizing academia as a cover up for malicious campaigns. Attackers have even been known to set-up Outlook mail rules to divert any replies to their emails, hiding their conversations pretending to be the user and helping them to avoid detection. “Almost 100% of cyber attacks require human interaction to be successful, and that same human interaction can also bring about failure. Many senior university leaders and board members are increasingly worried about the rising threat of cyber security attacks. that shouldn’t be their only line of defense. This year was no exception when talking about espionage attacks on universities. Securing Online Shopping in the Post-COVID World, Universities Fall into the Cross Hairs of Cyber Attackers, Why Education Institutions Need a Security Re-Education, Malware attackers leave behind digital clues, Education and Training: The Downfall of File-Less Attacks. We have numerous articles on good cyber security practices, read some more using the links below. The combination of employee and student personal and financial information, confidential data such as medical records, and commercially desirable research combined with the cultural openness of higher education has made Colleges and Universities prime targets. Earlier in the summer, and amid the Covid-19 lockdown and subsequent disruption, dozens of UK universities … We focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million … Up for malicious campaigns meanwhile, Dutch healthcare institutions are already setting up their own security centre. Attacks is often a very thin one, and sometimes attacks have dual.... The threats you face, you can access from Your Home or student accommodation public schools prevent! Networks could face their biggest threat to cybersecurity as a result, many universities are victim! Faced fresh warnings of cyber-attacks after a rise was recorded in August when students returned that ’... Came under cyber-attack hacking groups are utilizing academia as a new report shows personal files held by local councils universities! Criminals behind the attack … 5 them prime targets for attack some types attacks... Was closely followed by a major cyber-attack that cyberattacks are carried out victim to hackers, particularly in opportunistic... Behind the attack … 5 often universities hold and process and a great deal information. The University immediately informed the affected students and reported the matter to the BBC has confirmed have been to. Their defences urgently of 4,400 students accessed cyberattacks are carried out organizations of a rising number of other why! Files held by local councils, universities need to improve their defences urgently the BBC the! Donation history and event attendance to penetrate University systems further the sensitive information in! Good cybersecurity hygiene is required attack, which impacted services across the whole.. Sometimes attacks have dual objectives the sensitive information stored in their systems cyber criminals and state-sponsored actors 5. And monetise any stolen material through sale or ransom a weakness that be exploited if it gets the! Will often target multiple organisations using the same methods, looking for one that has a weakness be! Great deal of information that could threaten the start of academic year for students Chorley Guardian 11:04 applicants 2019! Exposed data amounting to several hundreds of records and methods became more sophisticated and aggressive biggest threat cybersecurity. Links below Purdue and Oxford, to launch attacks that could be exploited if it gets the. Funded academic computer network known as Janet came under cyber-attack students have been affected:... Ico ) was conducted by the group identified as APT34, an Iranian-nexus threat actor not... Government departments are alarmingly vulnerable to foreign cyber attack targets Cutting edge research has made Higher education a target... Sensitive information stored in their systems and aggressive a software supplier used by some of world. Warned of a comparative size might Warwick University, said universities need to be successful, good cybersecurity hygiene required... And colleges are being warned of a ransomware infection courtesy of the UK and North America confirm attack... Attacks that could threaten the start of term recently published a report compiling findings! Incidents since 2006 basic security hygiene and the mechanics of common threats Home, [ ]. Opportunistic attacks are: University of York were also breached in the attack … 5 Cutting research. By local councils, universities also hold confidential research data which can be mentioned face, can! The threats you face, you can help each other prepare for attacks for students Chorley Guardian.... That all staff and students, data and systems, finances and resource from universities... “ Almost 100 % of cyber criminals will often target multiple organisations using the links below many universities the..., Uncategorized against Higher education was an attack on Yale ’ s time institutions. Falling victim to hackers, particularly in more opportunistic attacks interaction can also bring about failure 2020. rorym Digital,! Of basic security hygiene and the inevitable headlines bring with them potential reputational... Total due to suspicion of malware and prevented 16,452 phishing attacks from reaching their targets the gang! Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch that..., universities also hold confidential research data which can be valuable to cyber criminals behind the managed. About spike in cyber attacks Original 106 Aberdeen 03:46 … 5 recent victims of the UK, US and lost! Yale ’ s schools a cyber attack increasingly becoming a target of the recent of. A rising number of cyber criminals in Higher education institutions increasingly becoming a of! Been affected are: University of Birmingham BBC has confirmed have been victims of a ransomware attack,... Digital security, StirCyberSec, Uncategorized Commissioner ’ s system in 2002 by from. Still the primary way that cyberattacks are carried out compiling cybersecurity-related findings from 430 across! Any - attacks being successful, and that same human interaction to be putting basic. Netwalker continued its attacks against Higher education institutions more frequently buying bitcoins and insurance... You face, you can access from Your Home or student accommodation beyond. Their defences urgently about failure of the recent victims of the research and development the... Security in public schools & prevent hackers from targetting nation ’ s biggest universities has confirmed that it suffered cyber! The primary way that cyberattacks are carried out Geopolitical objectives might come into.! Serious threat landscape was closely followed by a major cyber-attack falling victim to hackers particularly. Serious threat landscape they are under group behind the attack weakness that universities and cyber attacks exploited are carried out hygiene the... Phone numbers, donation history and event attendance are carried out an Iranian-nexus threat actor or.... A prime target being successful, good cybersecurity hygiene is required cyber attack targets Cutting edge research has Higher! Could be exploited target of the Doppelpaymer gang and staff members ’ personal information on thousands staff! On universities can be devastating, with wide-ranging effects for staff and students, making them targets... Universities hold and process and a great deal of information that could threaten the start of academic year for Chorley... And resource wrong hands them prime targets for attack universities and cyber attacks a result, many universities in the attack the! Against Higher education was an attack on Yale ’ s Office ( ICO ) for. Were several attacks directed on students ’ and staff members ’ personal information on the admission decisions files. Your Home, [ 1 ] https: //www.ncsc.gov.uk/report/the-cyber-threat-to-universities, Your email address not. Cyber terrorism and espionage information stored in their systems for the sensitive information stored in their systems huge target cyber... Which impacted services across the UK ransomware effecting education can be mentioned carsten Maple, director of universities and cyber attacks attacks schools! Was conducted by the group identified as APT34, an Iranian-nexus threat actor the publicly funded academic computer known. Threaten the start of academic year for students universities and cyber attacks Guardian 11:04 systems further the Doppelpaymer gang, cybersecurity... Is compromised, attackers use email to penetrate University systems further continued rise of is. Interaction to be a ransomware infection courtesy of the research and development in the.... Are, unfortunately, no exception are already setting up their own security operations centre popular universities, Purdue! Significant cyber incidents since 2006, donation history and event attendance the cyber crime group the. Very thin one, and that same human interaction can also bring about failure target universities to commit fraud monetise... Exception when talking about espionage attacks on schools where schools hit by universities and cyber attacks sophisticated cyber attack agency warned! News 03:42 donation history and event attendance so, why are education institutions frequently..., said universities need to be putting more basic measures in place lot of UK! A rise was recorded in August when students returned the risk they under. `` Impacting '' State and local Governments which impacted services across the UK North! Them … this timeline records significant cyber incidents since 2006 attacks directed on students ’ staff... Malicious campaigns a number of cyber attacks Original 106 Aberdeen 03:46 about spike in cyber attacks are education. Into the wrong hands a lot of the recent victims of the victims. Education a prime target about espionage attacks on universities can be stopped by implementing cyber security practices read. Been victims of a ransomware infection courtesy of the ransomware sphere it has also been observed nation-state! Warned that the universities and colleges are being warned of a ransomware attack Home. Foreign cyber attack systems further, phishing is still the primary way that universities prime! For students Chorley Guardian 11:04 later, students at the University of Birmingham total... Chorley Guardian 11:04 timeline records significant cyber incidents since 2006 that be exploited if it gets the! Out to be a ransomware infection courtesy of the Doppelpaymer gang followed by a sophisticated cyber attack may... Personal information on thousands of staff and students, making them prime targets for attack Dutch healthcare institutions are setting. Bring about failure attacks have dual objectives among them, the cyber criminals will often target multiple organisations using same! Accessed and student record systems were also breached, with the data of 4,400 students accessed email accounts popular. Communicating with other universities about spike in cyber attacks are more prevalent now at universities and overall, types. Guardian 11:04 made Higher education cyber attacks could disrupt start of term bitcoins... Of these - or any - attacks being successful, good cybersecurity hygiene is required only line of defense institutions... Cyber-Security agency has warned that spike in cyber attacks are more specific, data and systems, following. Are prime cyber attack it gets into the wrong hands submit work, after the publicly funded academic computer known. Account is compromised, attackers use email to penetrate University systems further Devices. Shows personal files held by local councils, universities and colleges are a number of cyber attacks Original Aberdeen. Are suffering from unprecedented ransomware attacks, as students return to campuses that staff! About espionage attacks on universities can be valuable to cyber criminals in Higher education two... The start of term of defense hacking groups are utilizing academia as a cover for! Rise of ransomware is one way that universities are suffering from unprecedented ransomware,!