Universities a 'huge target' for nation-state attackers, warns NCSC

The UK's leading cyber security agency issued advie to elite academic institutions on how keep them and their country safe

Cardiff University

In an assessment of the state of cyber security of UK universities, the National Cyber Security Centre (NCSC) said state-sponsored espionage is among the most evident and damaging threats in the long-term to academia's elite.

Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it's important that these institutions remain cyber secure.

Ask key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data an intellectual property that outside threats would love to acquire.

"It is almost certain that state-sponsored actors are looking to steal data and information for strategic gain," said the NCSC. "Meanwhile, cyber criminals seek to commit fraud, or monetise stolen material through sale or ransom.

"Once access is gained, it is highly likely that both types of attacker will exploit facilities such as compromised email accounts, to further penetrate university systems."

The threat of state-sponsored espionage is particularly high for universities with world-leading research programs, according to the cyber security branch of GCHQ, and the damage of stolen data would extend to the UK's "larger national interest" and researchers who may lose the chance to 'publish first'.

Sensitive research such as that related to the military, national defence and in STEM is among the most prized data that attackers would want to target. Losing this would likely come at the detriment of both the university and the UK as a whole, the NCSC said.

For example, the university could become less valuable to investors if they're research is stolen through a cyber attack which would mean funding may be cut to future research projects. The UK would also become more vulnerable if our enemies gain information about how we protect the country.

Phishing is one of the key concerns universities should address, according to the NCSC, as it's a common way attackers can steal log-in credentials from students and staff. It can also lead to the downloading of malware which can be designed to steal data once it has infected a machine connected to the university's network.

"While employees in corporate organisations may have received awareness training, many students won't have the same experience in identifying and reporting phishing attacks," said Jordan Wright, Duo security principal R&D engineer.

"Similarly, unless you're involved with the information security industry and can stay on top of the ever-evolving tactics attackers use, you're less likely to recognise the tell-tale signs of a phishing email."

In August 2018 researchers discovered myriad phishing attempts on western universities, including the UK's, that ultimately stemmed from Iranian nation-state attackers. They created fake log-in pages to which victims were sent through email and then stole their university log-in credentials, mainly for their library systems so they could steal intellectual property.

A previous Iranian attack spanning four years was foiled in 2018 which saw hackers target 100,00 professors and ultimately made off with over 30 terabytes of academic data.

The NCSC advises universities to promote cyber security awareness of everyone on campus as phishing attacks try to exploit human tendencies but this can be particularly difficult for universities which see a high turnover of staff and students.

Due to this high turnover, the security body also encouraged strict access controls to be put in place and the partitioning of the network, keeping high-value data in different places to make it less easily accessible for attackers.

Lastly, universities should consider their computer network design and deploy a central means of management. Universities enjoy the freedom of many private networks for specific departments and functions but these can become difficult to manage and if left vulnerable, provide attackers with an entry point to a network.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

What is cyber warfare?
Security

What is cyber warfare?

23 Mar 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021

Most Popular

University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021