Universities under attack

Universities under attack

In recent weeks, several UK Universities have suffered major cyber-attacks perpetrated by highly sophisticated criminal gangs. The objective of these attacks is often to exfiltrate valuable research data, or to infiltrate the technical infrastructure with dangerous malware known as Ransomware.

Attack Methods

The attacker will gain initial access to a network by using brute force or password spray attack techniques, or more commonly by stealing network credentials via phishing emails.

Once they have established a foothold, the attacker deploys low-level malware onto the network. This gathers information and eventually escalates access to administrator levels, allowing the attacker to deploy primary Ransomware. The Ransomware encrypts large swathes of stored data on the victim’s network file share servers. The attacker then contacts the victim, demanding a ransom payment for the decryption key – usually over £1M – and threatening to release sensitive information if the ransom is refused. This means that even if data can be restored from backup, it is not a fully robust defence.

The cost of ransomware attacks to affected institutions goes far beyond the extortion payment. Other costs associated with attacks include downtime, incident management and investigation, recovery, and reputational damage.

Digital and Information Services are taking the threat of Ransomware attacks extremely seriously. Here’s how you can help.


Although phishing is far from a new issue, it remains the most common point of entry for major cyber-attacks by far.

What can you do?

Look out for our External email warning banner. It’s common for attackers to impersonate our internal IT Service Desk, or other staff or students within the institution. If you see a banner at the top of an email that reads

‘CAUTION: External email. Ensure this message is from a trusted source before clicking links/attachments. If you are concerned forward this email to spam@abdn.ac.uk’,

the email did not originate from a University of Aberdeen account.

Password Spraying

Organised criminal actors are also reported to be using password spray attacks. These are similar in approach to brute force attacks, where a script repeatedly attempts to login to an account using common passwords.

However, while brute force attacks are generally thwarted by “rate limiting” (where an account will lockout for a certain time period after too many failed login attempts), password spray attacks attempt to login to many accounts sequentially using the same common password. They then circle back to the start and try a second password, and so on. This process dramatically reduces the effect of rate limiting as a defence.

What can you do?

The best defence against password spraying is to make sure you practice good password hygiene.

Find out more about recent cyber-attacks on Universities

Further guidance and help

Find out more about on Toolkit’s Information Security resource.

If you’re still unsure, or if you would like advice, contact the IT Service Desk – servicedesk@abdn.ac.uk  or https://myit.abdn.ac.uk.


Author: formation Security Team, DDIS