Hackers have been targeted universities extensively in the last year according to figures recently released by Kaspersky Lab.
Universities store very valuable information. As research group collate valuable proprietary data. The results of research studies are particularly valuable. It may not be possible to sell data as easily as credit cards and Social Security numbers, but there are certainly buyers will pay top dollar for valuable research. Nation state sponsored hacking groups are focusing on universities and independent hacking groups are getting in on the act and carrying out cyberattacks on universities.
There are many possible attack vectors that can be used to obtain access to university systems. Software flaws that have yet to be patched can be targeted, misconfigured cloud services such as unsecured S3 buckets can be logged onto, and brute force attempts can be used to estimate guess passwords. However, phishing attacks on universities are often witnessed.
Phishing is often linked with scams to obtain credit card information or login details to Office 365 accounts, with companies and healthcare groups often targeted. Universities are also in the firing line and are being attacked.
The reason phishing is so common is because it is often the most simple way to access targeted networks, or at least gain a foothold for additional attacks. Universities are naturally careful about protecting their research and security controls are usually used accordingly. Phishing permits those controls to be got around relatively easily.
A successful phishing attack on a student may not result in much damage, at least initially. However, once access to their email account is obtained, it can be used for additional phishing attacks on lecturers for example.
Spear phishing attacks on lecturers and research associates offer a more standard route. They are likely to have higher privileges and access to sought after research data. Their accounts are also likely to include other interesting and useful information that can be used in a wide variety of secondary attacks.
Email-based attacks can include malicious attachments that send information stealing malware such as keyloggers, although many of the the latest attacks have used links to fake university login web pages. The login pages are identical copies of the genuine login pages used by universities, the only difference being the URL on which the page is hosted.
Kaspersky Lab has revealed that over 1,000 phishing attacks on universities have been detected in the past 12 months and 131 universities have been focused on. Those universities are spread across 16 different countries, although 83/131 universities were in the United States.
Stopping phishing attacks on universities, staff, and students requires a multi layered approach. Technical security measures must be implemented to cut risk, such as an advanced spam filter to block most of phishing emails and stop them being sent to end users. A web filtering solution is vital for restricting access to phishing websites and web pages hosting malware. Multi-factor authentication is also vital to ensure that if account information is infiltrated or passwords are guessed, an extra form of authentication is required to gain access to accounts.
As a last line of security, staff and students should trained so they are conscious of the risk from phishing.
