Universities a 'huge target' for nation-state attackers, warns NCSC

The UK's leading cyber security agency issued advie to elite academic institutions on how keep them and their country safe

Cardiff University

In an assessment of the state of cyber security of UK universities, the National Cyber Security Centre (NCSC) said state-sponsored espionage is among the most evident and damaging threats in the long-term to academia's elite.

Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it's important that these institutions remain cyber secure.

Ask key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data an intellectual property that outside threats would love to acquire.

"It is almost certain that state-sponsored actors are looking to steal data and information for strategic gain," said the NCSC. "Meanwhile, cyber criminals seek to commit fraud, or monetise stolen material through sale or ransom.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Once access is gained, it is highly likely that both types of attacker will exploit facilities such as compromised email accounts, to further penetrate university systems."

The threat of state-sponsored espionage is particularly high for universities with world-leading research programs, according to the cyber security branch of GCHQ, and the damage of stolen data would extend to the UK's "larger national interest" and researchers who may lose the chance to 'publish first'.

Sensitive research such as that related to the military, national defence and in STEM is among the most prized data that attackers would want to target. Losing this would likely come at the detriment of both the university and the UK as a whole, the NCSC said.

For example, the university could become less valuable to investors if they're research is stolen through a cyber attack which would mean funding may be cut to future research projects. The UK would also become more vulnerable if our enemies gain information about how we protect the country.

Phishing is one of the key concerns universities should address, according to the NCSC, as it's a common way attackers can steal log-in credentials from students and staff. It can also lead to the downloading of malware which can be designed to steal data once it has infected a machine connected to the university's network.

"While employees in corporate organisations may have received awareness training, many students won't have the same experience in identifying and reporting phishing attacks," said Jordan Wright, Duo security principal R&D engineer.

Advertisement - Article continues below

"Similarly, unless you're involved with the information security industry and can stay on top of the ever-evolving tactics attackers use, you're less likely to recognise the tell-tale signs of a phishing email."

In August 2018 researchers discovered myriad phishing attempts on western universities, including the UK's, that ultimately stemmed from Iranian nation-state attackers. They created fake log-in pages to which victims were sent through email and then stole their university log-in credentials, mainly for their library systems so they could steal intellectual property.

A previous Iranian attack spanning four years was foiled in 2018 which saw hackers target 100,00 professors and ultimately made off with over 30 terabytes of academic data.

The NCSC advises universities to promote cyber security awareness of everyone on campus as phishing attacks try to exploit human tendencies but this can be particularly difficult for universities which see a high turnover of staff and students.

Advertisement
Advertisement - Article continues below

Due to this high turnover, the security body also encouraged strict access controls to be put in place and the partitioning of the network, keeping high-value data in different places to make it less easily accessible for attackers.

Lastly, universities should consider their computer network design and deploy a central means of management. Universities enjoy the freedom of many private networks for specific departments and functions but these can become difficult to manage and if left vulnerable, provide attackers with an entry point to a network.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

20 Sep 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020