Threat actors already are spreading ransomware and other forms of malware through universities to earn ransoms, collect student data or steal intellectual property, a spokesperson for the NCSC tells Information Security Media Group that.
NCSC, the public-facing arm of U.K. intelligence agency GCHQ, estimates that the financial damages to universities totalled about £145 million during the first half of 2018, the report notes:-
One of the main reasons for this uptick in cyber incidents is the that universities sometimes avoid security measures that could hamper the free flow of information, the report notes.
"In both culture and technology, universities are one of the most open and outward facing sectors," the report finds. "This enables and eases collaboration between academics across borders, and is likely a key component of their success. Unfortunately, this also eases the task of an attacker."
Weighing Up the Threats
The NCSC report show how the different types of threats are disrupting universities.
Malware and phishing attacks are usually tied to criminal gangs looking to make cash by collecting ransoms or selling data on underground forums, the report finds.
But the most serious, long-term threat to U.K. universities is from nation-state actors who are using more sophisticated methods to steal research data or other intellectual property, the report notes.
"While it is highly likely that cybercrime will present the most evident difficulties for universities, state-sponsored espionage will likely cause greater long-term damage," according to the report. "This is particularly true for those universities which prize innovation and research partnerships."
These findings dovetail with a recent report released by VMware and Dell EMC which surveyed 75 senior IT executives at 68 U.K. universities. Some 53 percent of those surveyed confirmed that their research had already been accessed by foreign hackers.
The NCSC has tied some of these U.K university attacks to an Iranian organisation called the Mabna Institute, which has led hacking campaigns across the world to steal intellectual property and sensitive research materials.
In August 2018, this Iranian-backed hacking group targeted 76 universities across 14 countries, including 18 in the U.K., through a campaign that used over 300 fake websites, as well as credential stealing methods, designed to steal research from these schools, the report notes.
Earlier this month, SecureWorks published updated research on Mabna Institute, as well as a hacking group associated with it called "Cobalt Dickens." The report found that the hacking group targeted 60 universities across the world this summer.
Although IT Security Centre UK UK hadn’t got an opportunity to audit all these apps and offer you a security report, it has come up with some tips on how to transact safely from mobile banking apps by keeping the data safe on a simultaneous note.
The NCSC report recommends several steps that universities should take to better protect their infrastructure. These include bolstering security awareness; strengthening access controls, especially around systems that host sensitive data; and implementing network segmentation to help separate sensitive data within the network.
The NCSC spokesperson adds that universities are encouraged to adopt the centre's Active Cyber Defence - a program that uses automation and other tools to stop malware and other attacks. "The NCSC is working on the ways that protection might be extended to universities," the spokesperson says.
This article contain Amazon UK affiliate links, which means we may earn a small commission (at no extra cost to you) if a reader clicks through and makes a purchase. The prices may vary after publication, please follow links for current prices and offers.