Personal accounts of students and staff at universities might seem to be insignificant targets for cybercriminals. In fact, the information that can be reached through spear phishing attacks on universities might be even more valuable: their databases contain many impactful and exclusive types of research on various topics, from the economy to nuclear physics, says a cyber security firm.
In addition, since many universities collaborate with vendors for PhDs, threat actors might access data containing not only expertise but also private and potentially compromising information on companies, according to Kaspersky Lab.
Even though universities are attentive to their IT security, attackers find ways to breach their systems by targeting the weakest link: inattentive users. In most scenarios, threat actors created a web page that appeared to be identical to the university's website but whose web address differed from the real one by a few letters. Victims are quite likely to fall into the trap and enter their credentials, sending their sensitive information to the phishers, especially if social engineering methods are used.
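A defender can look for such near-miss addresses in proxy or mail-gateway logs. The sketch below is an added example, not from Kaspersky Lab's research: it flags hosts within a small edit distance of an institution's real domain. The domain `university.example`, the sample URLs and the distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the institution's real domains; placeholder values, not from the article.
LEGIT_DOMAINS = {"university.example"}

# Constructed sample of URLs as they might appear in proxy or mail-gateway logs.
SAMPLE_URLS = [
    "https://university.example/login",
    "https://portal.university.example/sso",
    "http://univers1ty.example/login",
    "https://login.universty.example/sso",
    "https://news.example.org/article",
]

def edit_distance(a, b):
    """Levenshtein distance, computed one DP row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, legit=LEGIT_DOMAINS, max_distance=2):
    """Return ('legitimate'|'lookalike'|'unrelated', matched_domain_or_None)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    for good in sorted(legit):
        if host == good or host.endswith("." + good):
            return "legitimate", good
    for good in sorted(legit):
        # Compare only the trailing labels so extra subdomains do not hide a near-match.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if 1 <= edit_distance(tail, good) <= max_distance:
            return "lookalike", good
    return "unrelated", None

def flag_lookalikes(urls):
    """Keep only the URLs whose host is a near-miss of a legitimate domain."""
    return [u for u in urls if classify(u)[0] == "lookalike"]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(classify(url)[0].ljust(10), url)
```

Short real domains produce more false positives at the same threshold, so the distance limit should be tuned per domain.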
In all, researchers detected 961 attacks on 131 schools, aimed mostly at English-speaking universities. Some 83 of the targeted institutions are in the USA and 21 in the UK. The threat actors were especially interested in the University of Washington: Kaspersky Lab detected 111 attacks aimed at this particular school. The statistics show that educational institutions in Asia, Europe and Africa faced attacks too.
Nadezhda Demidova, security researcher at Kaspersky Lab, says: “The number of targeted entities is certainly worrying – apparently, the education industry is becoming a hot topic among the cybercriminals. University staff need to consider that each of their employees and students can become a weak link and provide criminals with access to their systems and be proactive in taking necessary security measures.”