- Security TWENTY
- Women in Security
The UK official National Cyber Security Centre (NCSC) has issued an alert to the education sector, about keeping cyber criminals out of their networks, following a recent spike in ransomware attacks, the Centres says.
The NCSC, part of the government security agency GCHQ, says that it dealt with several ransomware attacks against education establishments in August, which caused disruption depending on the cyber-security in place. Paul Chichester, Director of Operations at the NCSC, said: “This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible.
“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted. We are absolutely committed to ensuring UK academia is as safe as possible from cyber threats, and will not hesitate to act when that threat evolves.”
For that alert, Targeted ransomware attacks on the UK education sector by cyber criminals, visit the NCSC website. It coves ‘common ransomware infection vectors’ and mitigations. See also the JISC website on ‘Cyber security in FE‘.
Chris Boyd, Lead Malware Analyst at Malwarebytes says: “One major problem faced by universities is that while they can bolster their own defences, it could be a bridge too far to secure all of their students studying remotely.”
In recent years, the frequency, sophistication, and cost of cyber attacks against universities has increased, says Adenike Cosgrove, Cybersecurity Strategy, International at cyber firm Proofpoint. “The education sector saw the largest year-on-year increase of email fraud attacks of any industry in 2019, with 192pc growth, averaging 40 attacks per institution.
“The coronavirus pandemic may have upped the ante with the security challenges posed by a rapid move to remote learning, but the education sector has been something of a powder keg for a very long time. Education institutions hold masses of highly sensitive data on individuals, perhaps more so than any industry outside healthcare. Along with personal information such as name, address, DOB, there’s also the potential to hold payment details, ID, health records, and much more. This trove of information puts a target on the back of every good-sized school, college, or university. Also, like medical institutions, education centres must maintain short- and long-term continuity. Cancelling exams, writing off grades, and cutting off services is not an option, and cybercriminals know this, which also makes the sector one of the most targeted by ransomware attacks. Recent incidents such as those at Newcastle and Northumbria Universities are just the latest of many in a sector increasingly under attack. And the only defence is one that places the very people under attack at its heart.
“Almost 100pc of cyber attacks require human interaction to be successful. That same human interaction can also bring about failure. Universities should ensure that all staff and students are aware of basic security hygiene and the mechanics of common threats. This awareness training must be in context. All users must now how they are likely to encounter an attack and the role they play in defending against it.”
Matt Aldridge, Principal Solutions Architect at cyber firm Webroot, said the NCSC had done the right thing. “It’s unsurprising that education institutions continue to be targets for cybercriminals, especially considering they can be large sprawling organisations that are hard to administer and secure. Balancing resources between their mission of educating their students and the need for cybersecurity is an ongoing challenge. For cybercriminals, now is the perfect time to cause disruption as students start the term.”
And Dr Jamie Collier, Intelligence Analyst at Mandiant Threat Intelligence, said that mitigation must start with the basics. “Universities should ensure they are patching vulnerabilities quickly, enforcing remote desktop protocols, and putting controls in place to stop phishing attacks. These are the most common entry points for ransomware. Universities also need to use threat intelligence to identify the most likely ransomware attacks they will face so they can put the correct protection measures in place. Ransomware groups are increasing and diversifying, which is why we are seeing more attacks. Only by identifying the techniques and methods of the most likely ransomware families for their region or the types of data they hold can universities be better prepared for the attacks they may face.”