Cyber attacks threaten universities restarting in the UK

• The UK’s cybersecurity agency NCSC has issued a warning to universities over the likelihood of cyberattacks as a new term starts
• The alert follows a speight of ransomware attacks on top universities in the UK, US, and Canada
• Attackers could leverage phishing scams, impersonating university officials  

The education sector has been one of the worst-affected by the pandemic, but just as a new term is about to start for UK universities, a further disruption could be added by the rising threat of cyber attacks. 

The UK’s cybersecurity agency NCSC (National Cyber Security Centre) has warned of a recent spike in “reprehensible” attacks on educational institutions, particularly ransomware, cautioning that a surge of attacks could “de-rail” preparations to restart. 

The agency’s alert follows ransomware targeting more than 20 universities and charities across the UK, US, and Canada who were victims to a supply chain cyber-attack via compromised cloud provider Blackbaud. 

Both Newcastle University and Northumbria have been targeted this month, as well as colleges in Yorkshire and Lancashire last month. 

According to Microsoft, 61% (nearly 4.8 million) of malware encounters reported last month took aim at the education sector, making it the most affected industry worldwide. In the UK, universities are targeted by up to a thousand attacks a year.

Malware is used to lockout users from their own computer systems, which can bring networks down indefinitely, ceasing access to online services, websites, and phone networks.

Attacks may also target valuable research or attempt to hijack equipment. Earlier this year, multiple supercomputers across Europe were forced to shut down after being infected with an orchestrated cryptocurrency mining malware attack. 

Universities hold large amounts of personal data about staff and present and form students. 

The threat of cyber attacks is heightened in 2020 with the adoption of virtual learning techniques in order to adhere to government-enforced social distancing measures, while cyber attackers have surged as hackers attempt to capitalize on the disruption. 

Email security company Tessian commented that a concerning number of top UK universities were not sufficiently protected from the most common attack vector: phishing attacks. 

‘Inundated inboxes’

Nearly 1 in 3 (30%) of the top 20 universities do not have DMARC policies in place, which refers to measures to prevent attackers from directly impersonating an organization’s email domains. 

While 60% did have policies in place, they had not set up the DMARC policy to prevent cybercriminals from mimicking or impersonating their domain.

Tessian CEO, Tim Sadler, said: “We have seen hackers capitalize on key moments throughout the pandemic using phishing attacks, so it’s likely they will use this ‘back to school’ momentum to their advantage too, impersonating trusted universities to try and steal valuable personal and financial information.”

Without sufficiently configured DMARC measures in place, hackers can impersonate a university’s email domain in phishing campaigns, convincing their targets that they are opening a legitimate email from a colleague, fellow student, professor, or administrator at their university.

Sadler advised recipients of emails from their university asking for urgent action to question the legitimacy of the request and, if unsure, contact the university directly to verify.  

“As universities start to welcome students back – and inundate inboxes with updates about online learning and social distancing — it’s critical that they take action to build robust security measures that can protect their staff and students against email scams.”

Paul Chichester, the NCSC’s director of operations, said: “The criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible.”

“I would strongly urge all academic institutions to take heed of our alert.”