
Universities Targeted by Increasing Phishing & Ransomware Attacks

Malicious hacking attacks against U.K. universities have doubled over the past year, from 2016 to 2017, according to an analysis of freedom of information request data by The Times.

More than 1,152 breaches of U.K. university networks were reported last year. Attackers are targeting intellectual property, specifically, confidential information related to advanced developments in medicine, engineering and missile research, according to Computer Weekly.

This information is highly sought after by nation states, and this type of valuable data can also be sold online to the highest bidder, as the BBC reported.

One reason the higher education sector is an easy target is resourcing and focus - universities may put more emphasis on academic research than on network protection.

While financial services companies are often targeted, they also often have larger IT and security budgets to protect business-critical financial information.

Ransomware Delivered Via Phishing

How are attackers getting access to data? According to the BBC, they’re employing phishing, denial of service and ransomware attacks.

In August, Proofpoint researchers found a new, custom-developed ransomware variant targeting the healthcare and education industries in the U.S. and the U.K.

These narrow, selective phishing campaigns were sent to both individuals and distribution list groups, and were customized to a specific set of users. The ransomware, named Defray by researchers, is spread via a Microsoft Word document attached to email messages.

But this ransomware doesn’t just encrypt data; it can also disable startup recovery and delete volume shadow copies. On Windows 7, it also monitors for and kills any running programs that have a GUI.
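As an added example (not from the original article or from Proofpoint's research), here is a minimal detector for the recovery-inhibiting behaviour described above, run over constructed process-creation events. The log format, host names and the choice of `vssadmin`, `wmic` and `bcdedit` command lines are assumptions; the article does not say which utilities Defray uses.

```python
import re

# Command-line patterns for the two behaviours described above. The utilities
# are common Windows tools (assumption: the article does not say which ones
# Defray invokes).
RULES = {
    "shadow_copy_deletion": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    ],
    "startup_recovery_disabled": [
        re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    ],
}
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed sample events: time|host|parent|image|command line
SAMPLE_LOG = [
    "2017-08-22T09:14:02Z|LAB-PC01|explorer.exe|WINWORD.EXE|WINWORD.EXE /n invoice.docx",
    "2017-08-22T09:14:40Z|LAB-PC01|WINWORD.EXE|cmd.exe|cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet",
    "2017-08-22T09:14:41Z|LAB-PC01|cmd.exe|bcdedit.exe|bcdedit /set {default} recoveryenabled No",
    "2017-08-22T10:02:10Z|ADMIN-PC02|powershell.exe|vssadmin.exe|vssadmin delete shadows /for=D: /oldest",
    "2017-08-22T10:30:55Z|LIB-PC03|cmd.exe|vssadmin.exe|vssadmin list shadows",
]

def parse_event(line):
    """Split one 'time|host|parent|image|command line' record."""
    _, host, parent, image, cmd = line.split("|", 4)
    return {"host": host, "parent": parent.lower(), "image": image.lower(), "cmd": cmd}

def detect(lines):
    """Return {host: {"rules": [...], "severity": ...}} for hosts with hits."""
    hosts = {}
    for line in lines:
        ev = parse_event(line)
        st = hosts.setdefault(ev["host"], {"rules": set(), "office_child": False})
        # An Office application spawning another program fits document-borne delivery.
        if ev["parent"] in OFFICE and ev["image"] not in OFFICE:
            st["office_child"] = True
        for name, patterns in RULES.items():
            if any(p.search(ev["cmd"]) for p in patterns):
                st["rules"].add(name)
    report = {}
    for host, st in hosts.items():
        if st["rules"]:
            # Both behaviours on one host, or an Office-spawned chain, raise severity.
            high = len(st["rules"]) == len(RULES) or st["office_child"]
            report[host] = {"rules": sorted(st["rules"]), "severity": "high" if high else "medium"}
    return report
```

A single shadow-copy deletion by an administrator is reported as medium because routine housekeeping looks the same on the command line; the combination with disabled recovery or an Office parent process is what separates it from maintenance.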

Best Practices to Protect Against Phishing and Ransomware

The US-CERT (Computer Emergency Readiness Team) has provided some best practices to protect against phishing and ransomware. Here’s a summary of a few:

  • Frequently back up system files; verify backups regularly. Store backups on a separate device that can’t be accessed from the network.
  • Don’t click on links and open attachments in suspicious-looking emails; forward them to your IT or security team.
  • Never give out personal information or information about your organization’s networks or structure. Verify the requestor’s identity directly with their company.
  • Keep your applications, operating system and other software patched with the latest updates to protect against exploits of known vulnerabilities.

Mitigate the risk of out-of-date devices with an endpoint and access security solution that gives you visibility and control over unmanaged, personal employee devices. And, reduce the impact of a phishing attempt that steals passwords by protecting your users’ account logins (and access to data) with two-factor authentication (2FA).

Learn more about specific types of remote access threats that target users, devices and remote access services, and how to mitigate them in The Essential Guide to Securing Remote Access.

Thu Pham

Information Security Journalist

@Thu_Duo

Thu Pham covers current events in the tech industry with a focus on information security. Prior to joining Duo, Thu covered security and compliance for the infrastructure as a service (IaaS) industry at Online Tech. Based in Ann Arbor, Michigan, she earned her BS in Journalism from Central Michigan University.