AJ Thompson is CCO at Northdoor plc
16th September 2020
We are currently witnessing a rapid rise of opportunistic cybercriminal activity taking advantage of the chaos created by pandemic with many sectors including, healthcare, charity and public sectors being targeted.
Most recently the education sector has also become a casualty with more than 20 universities across the UK, US and Canada confirming they were victims of a cyber-attack that compromised a third-party software supplier, Blackbaud.
The US-based firm is the world’s largest provider of education administration, fundraising, and financial management software. The ransomware targeted the personal details of former students who had been asked to make financial contributions to these institutions, however this also extended to staff and existing students. Blackbaud paid an undisclosed ransom to the hackers and have so far refused to reveal the scale of the breach.
Newcastle University was also completely crippled by hackers with the institution unable to allocate accommodation for first year students due to the cyberattack taking down its system. Hackers broke into the University’s computer network and stole data before encrypting machines using DoppelPaymer malware.
Northumbria University was another victim of a cyberattack that caused significant operational disruption to its IT systems, with exams being cancelled. In both cases each establishment notified the ICO and the police.
Universities and the education sector as a whole are particularly vulnerable to cyberattacks, due to the fact that exams could be disrupted or cancelled as in Northumbria’s case. A sizeable breach may even impact a student’s ability to graduate. Inarguably, this is a high price to pay considering the cost of education.
Universities also hold a large amount of research data that may be of value to cybercriminals and increasingly country lead attacks. With Universities reliant on their IT systems, a breach can be economically devastating which increases the impetus to pay the ransom.
Cyberattacks are becoming ever more sophisticated. Previously cybercriminals used ‘spray and pray’ ransomware attacks, where millions of users would be emailed with the expectation that a few would reply and in doing so, allow their computers to become infected. However, this new generation of cyberattacks is the result of careful planning, research and patience.
In the case of Newcastle University, reports suggest hackers could have been in the system for up to a year, moving operational data around and waiting for the right moment to attack. This new age of cyberattacks sees criminals use bought or stolen login details to enter a system to copy data before encrypting it.
Another new tactic that cybercriminals are using is to publish the name of the victim online with proof of the attack, with the resulting reputational and economic damage being used to extort a pay-off. Many cybercriminals also look to extort more than one ransom, firstly for the encryption key and secondly to delete the stolen data.
Universities do already have procedures in place to protect themselves, such as prevention software that repels millions of phishing attacks each month and stop malicious software entering their systems; but the main problem lies in new forms of attack.
Even with rigorous data back-ups, the damage to operating systems may be irreversible especially if hackers have been in the system for some time. Those not paying the ransom have reported they have had to purchase whole new IT systems.
Most institutions are aware that they need to do more to tackle the growing problem, such as outsourcing to external experts who can provide 24/7 Software as a Service (SaaS). Penetration Testing can help to determine where vulnerabilities lie, what staff training needs to be undertaken and the creation of effective security strategies. Hiring employees who already have an up-to-date IT skill set is also crucial to combat cybercrime and keep one step ahead of cybercriminals and their increasingly sophisticated threats.