
Uni sysadmins, don't relax. Cybercrooks are still after your crown jewels, warns NCSC

GCHQ offshoot says be on your guard

Cybercrims are still likely to affect universities and other educational institutions online with ransomware, reckons GCHQ offshoot the National Cyber Security Centre.

Attacks by online criminals and nation states alike are "rising", the NCSC warned in a report published today.

Sarah Lyons, deputy director for economy and society at the British security centre, said: "NCSC is working closely with the academic sector to ensure that, wherever the threat comes from, they are able to protect their research and their universities in cyberspace."

While cybercriminals are most likely to deploy ransomware and other nasties "through untargeted attacks", the impact of their nefarious deeds is generally more than trivial. Attackers, said the NCSC, are generally quite likely to succeed because they exploit the "open and outward facing" nature of academic institutions.

"Using sources such as a university's website, it is straightforward to identify who to target, how to reach them, and to establish a credible story with which to approach them," said the NCSC.

Phishy story

They're not alone in highlighting the risk from phishing: back in April, academic infosec bods from Jisc, formerly known as the Joint Information Systems Committee, warned that a pen-test exercise had seen them successfully phish every single university they targeted.

Aside from organised crime and thieves looking to pick a cyber-pocket through the use of cyber-tools in the cyber-domain, British universities also need to be on the lookout for state-backed threats.

"Cyber," opined NCSC, "offers a deniable route to obtain information that is otherwise unavailable to them. It is likely exploited instead of, or in conjunction with, traditional routes to gain access to research, such as partnering, 'seconded students', or direct investment."

Last year, an Iranian campaign to steal login credentials from Western universities was brought to public light. The scam played on the old technique of setting up fake login pages to man-in-the-middle the victims' credentials for academic repositories.

"Many of the fake pages were linked to university library systems, indicating the actors' appetite for this type of material," the NCSC said of the Iranians' doings.

Once inside, state-backed hackers normally go for information of high commercial or military value, NCSC warned.

Bulk personal data, technical information, sensitive research and intellectual property are all types of information that attackers of both broad flavours are interested in – and should therefore be defended accordingly.


Not all attacks are known or traceable. The University of Edinburgh was targeted last year with a DDoS attack, while King's College London (no stranger to IT woes) suffered what appears to be a brute-force attack against public-facing login pages.

Defending against these kinds of attacks is a combination of the usual methods: train people, staff and students alike, in what a suspicious approach looks like, deploy multi-factor authentication to make it harder for remote attackers to log in, and take a good look at your institution's network architecture and internal controls.

"We believe that state espionage will continue to pose the most significant threat to the long-term health of both universities and the UK itself," concluded the NCSC. "There's a realistic possibility that the threat will increase in-line with increased scrutiny of foreign direct investment and the minimising of other avenues to gain insight and advantage." ®
