Universities under attack

We know cyber attackers will exploit any individual or organisation for monetary gain, with potential consequences ranging from mild inconvenience to financial and reputational ruin. But were you aware that the coronavirus pandemic has created a new set of opportunities for cybercriminals, and that the stakes have never been higher?

Highly sophisticated cyber espionage groups, reportedly backed by Nation States, are going to great lengths to obtain data on vaccine development and research, or profit from the threat of its destruction or disclosure.

Universities are at the forefront of this research and so directly in the firing line. This is clearly evidenced by a recent spate of ransomware attacks, including those on the University of San Francisco California and The University of Utah. It is not believed any vaccine-related data was lost or stolen in these attacks. However, it was likely the primary target, and both institutions suffered significant financial losses as a result.

How do attackers get in?

There are thousands of potential technical vulnerabilities attackers can exploit to gain entry to a network. Universities, by their relatively open and accessible nature, tend to have a larger technical attack surface than private businesses. This is why, as a Cyber Essentials Plus certified organisation, we undertake rigorous system patching across our estate and are constantly working to improve our technical defences.

However, social engineering techniques such as Phishing are very effective and remain by far the most common attack vector to gain entry to a network.

How might this affect us?

In a recent incident, a member of staff known to be researching Covid-19 received a highly targeted Phishing email under the guise of initiating collaboration. If acted on, this could have led to a request to access a fake document platform, designed to steal login credentials.

Attackers can access a network using stolen credentials. Once inside, they will look to gather information that will allow them to escalate their privileges. They could then exploit technical vulnerabilities as an authenticated user in ways not possible as an outsider. Once sufficient access has been established, the attack is triggered.

Reporting Incidents

In recent weeks, we have seen a reduction in the number of Phishing and Social Engineering incidents reported to us. This is a positive sign, potentially indicating that our technical defences are improving.

However, we must not become complacent. Please continue to report suspicious emails and possible malicious activity. By doing so, you might just help protect University data and prevent a financial or reputational disaster.

Author: Information Security Team, DDIS