In recent weeks, several UK Universities have suffered major cyber-attacks perpetrated by highly sophisticated criminal gangs. The objective of these attacks is often to exfiltrate valuable research data, or to infiltrate the technical infrastructure with dangerous malware known as Ransomware.
The attacker will gain initial access to a network by using brute force or password spray attack techniques, or more commonly by stealing network credentials via phishing emails.
Once they have established a foothold, the attacker deploys low-level malware onto the network. This gathers information and eventually escalates access to administrator levels, allowing the attacker to deploy primary Ransomware. The Ransomware encrypts large swathes of stored data on the victim’s network file share servers. The attacker then contacts the victim, demanding a ransom payment for the decryption key – usually over £1M – and threatening to release sensitive information if the ransom is refused. This means that even if data can be restored from backup, it is not a fully robust defence.
The cost of ransomware attacks to affected institutions goes far beyond the extortion payment. Other costs associated with attacks include downtime, incident management and investigation, recovery, and reputational damage.
Digital and Information Services are taking the threat of Ransomware attacks extremely seriously. Here’s how you can help.
Although phishing is far from a new issue, it remains the most common point of entry for major cyber-attacks by far.
What can you do?
Look out for our External email warning banner. It’s common for attackers to impersonate our internal IT Service Desk, or other staff or students within the institution. If you see a banner at the top of an email that reads
‘CAUTION: External email. Ensure this message is from a trusted source before clicking links/attachments. If you are concerned forward this email to email@example.com’,
the email did not originate from a University of Aberdeen account.
- Find out more about phishing and how to spot phishing emails in Toolkit’s Information Security resource.
Organised criminal actors are also reported to be using password spray attacks. These are similar in approach to brute force attacks, where a script repeatedly attempts to log in to an account using common passwords.
However, while brute force attacks are generally thwarted by “rate limiting” (where an account will lock out for a certain time period after too many failed login attempts), password spray attacks attempt to log in to many accounts sequentially using the same common password. They then circle back to the start and try a second password, and so on. Because each account sees only one failed attempt per pass, this process dramatically reduces the effect of rate limiting as a defence.
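As an added example (not part of the original notice), the following Python groups failed logins by source address rather than by account, which is what makes a spray visible when per-account lockout never fires. The log format, user names and addresses are constructed for this example.

```python
"""Tell password spraying apart from brute force in constructed auth logs.
Brute force piles failures onto ONE account and trips the lockout.
Password spray puts a few failures on MANY accounts from one source, so no
single account reaches the lockout threshold; group by source to see it."""

import re
from collections import defaultdict

# Constructed sample log (format, names and addresses are made up here).
SAMPLE_LOG = """\
2024-03-01T09:00:01 FAIL user=alice src=203.0.113.10
2024-03-01T09:00:02 FAIL user=bob src=203.0.113.10
2024-03-01T09:00:03 FAIL user=carol src=203.0.113.10
2024-03-01T09:00:04 FAIL user=dave src=203.0.113.10
2024-03-01T09:00:05 FAIL user=erin src=203.0.113.10
2024-03-01T09:00:06 FAIL user=frank src=203.0.113.10
2024-03-01T09:01:00 FAIL user=grace src=198.51.100.7
2024-03-01T09:01:01 FAIL user=grace src=198.51.100.7
2024-03-01T09:01:02 FAIL user=grace src=198.51.100.7
2024-03-01T09:01:03 FAIL user=grace src=198.51.100.7
2024-03-01T09:01:04 FAIL user=grace src=198.51.100.7
2024-03-01T09:02:00 FAIL user=heidi src=192.0.2.5
2024-03-01T09:02:05 OK   user=heidi src=192.0.2.5
"""

LINE_RE = re.compile(r"^\S+ (FAIL|OK)\s+user=(\S+) src=(\S+)$")


def classify_sources(log_text, lockout_threshold=5, spray_min_accounts=5):
    """Return {src: {"verdict", "accounts", "max_per_account"}} per source."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failures
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == "FAIL":
            _, user, src = m.groups()
            fails[src][user] += 1
    report = {}
    for src, per_user in fails.items():
        worst = max(per_user.values())  # failures on the hardest-hit account
        if worst >= lockout_threshold:
            verdict = "brute-force"      # one account alone trips the lockout
        elif len(per_user) >= spray_min_accounts:
            verdict = "password-spray"   # many accounts, each below lockout
        else:
            verdict = "benign"           # a stray typo, nothing systematic
        report[src] = {"verdict": verdict, "accounts": len(per_user),
                       "max_per_account": worst}
    return report
```

In the sample, the spraying source never exceeds one failure per account, so an account-based lockout of five would not trigger; only the per-source view flags it.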
What can you do?
The best defence against password spraying is to make sure you practise good password hygiene.
- Read our previous news item on passwords
- Make sure your password is not on this list of commonly compromised passwords
Find out more about recent cyber-attacks on Universities
- University of Central Lancashire among three hit by cyber-attacks
- Cyber attack disrupts services at the University of the Highlands and Islands
Further guidance and help
Find out more on Toolkit’s Information Security resource.
Author: Information Security Team, DDIS