Report: UK Universities Vulnerable to CyberattacksBritish Intelligence Agency Warns of Threats From Cybercriminals and Nation-States
U.K. universities will continue to face cyberattacks from nation-state actors and organized criminal gangs in the years ahead, according to a new report issued by the National Cyber Security Center, which calls on schools to take defensive measures.
Threat actors already are spreading ransomware and other forms of malware through universities to earn ransoms, collect student data or steal intellectual property, a spokesperson for the NCSC tells Information Security Media Group that.
NCSC, the public-facing arm of U.K. intelligence agency GCHQ, estimates that the financial damages to universities totalled about £145 million ($181 million) during the first half of 2018, the report notes
One of the main reasons for this uptick in cyber incidents is the that universities sometimes avoid security measures that could hamper the free flow of information, the report notes.
"In both culture and technology, universities are one of the most open and outward facing sectors," the report finds. "This enables and eases collaboration between academics across borders, and is likely a key component of their success. Unfortunately, this also eases the task of an attacker."
Sizing Up the Threats
The NCSC report show how the different types of threats are disrupting universities.
Malware and phishing attacks are usually tied to criminal gangs looking to make cash by collecting ransoms or selling data on underground forums, the report finds.
Some schools and universities are falling victim to business email compromise schemes, which are becoming more common worldwide (see: BEC Scams Cost U.S. Companies $300 Million Per Month: Study).
But the most serious, long-term threat to U.K. universities is from nation-state actors who are using more sophisticated methods to steal research data or other intellectual property, the report notes.
"While it is highly likely that cybercrime will present the most evident difficulties for universities, state-sponsored espionage will likely cause greater long-term damage," according to the report. "This is particularly true for those universities which prize innovation and research partnerships."
These findings dovetail with a recent report released by VMware and Dell EMC which surveyed 75 senior IT executives at 68 U.K. universities. Some 53 percent of those surveyed confirmed that their research had already been accessed by foreign hackers.
Eyes on Iran
The NCSC has tied some of these U.K university attacks to an Iranian organization called the Mabna Institute, which has led hacking campaigns across the world to steal intellectual property and sensitive research materials.
In August 2018, this Iranian-backed hacking group targeted 76 universities across 14 countries, including 18 in the U.K., through a campaign that used over 300 fake websites, as well as credential stealing methods, designed to steal research from these schools, the report notes.
Earlier this month, SecureWorks published updated research on Mabna Institute, as well as a hacking group associated with it called "Cobalt Dickens." The report found that the hacking group targeted 60 universities across the world this summer (see: Iranian Hacking Group Continues Targeting Universities ).
The NCSC report recommends several steps that universities should take to better protect their infrastructure. These include bolstering security awareness; strengthening access controls, especially around systems that host sensitive data; and implementing network segmentation to help separate sensitive data within the network.
The NCSC spokesperson adds that universities are encouraged to adopt the center's Active Cyber Defense - a program that uses automation and other tools to stop malware and other attacks. "The NCSC is working on the ways that protection might be extended to universities," the spokesperson says.