GCHQ agency 'strongly urges' Brit universities, colleges to protect themselves after spike in ransomware infections

Never mind real-world viruses, get your networks into lockdown ASAP

GCHQ offshoot the National Cyber Security Centre has warned Further and Higher Education institutions in the UK to be on their guard against ransomware attacks as the new academic year (sort of) gets under way.

NCSC sent advice to places of learning "containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks," it said in an advisory note published this morning.

A recent spike in ransomware attacks in August included infections of Newcastle and Northumbria Universities, seemingly among others.

"While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted," thundered Paul Chichester, the NCSC's director of ops.

Attackers typically target the Remote Desktop Protocol (RDP) as a way of extracting data from targeted organisations. The usual modus operandi of larger groups is to gain access to a target network, deploy an encryptor, steal data from the network and then drip-feed it out to wind up pressure on victims to pay a ransom to decrypt their files, as the Maze ransomware gang does. Demands usually range between six and eight figures.

Smaller operators typically engage in drive-by attacks, relying on automated encryption and emails from victims desperate to regain control over their corporate networks.

Infection vectors are most commonly staffers connected to corporate networks opening infected email attachments, triggering embedded malware. Occasionally targeted attacks manage to find easy-to-crack passwords, as NCSC said, and unpatched enterprise software also provides a relatively common way in – as the US has been repeatedly warning.

Adenike Cosgrove, cybersecurity strategist at email security provider Proofpoint, said in a statement: "Education institutions hold masses of highly sensitive data on individuals, perhaps more so than any industry outside healthcare. Along with personal information such as name, address, DOB, there's also the potential to hold payment details, ID, health records, and much more. This trove of information puts a target on the back of every good-sized school, college, or university."

She added: "Universities should ensure that all staff and students are aware of basic security hygiene and the mechanics of common threats. This awareness training must be in context. All users must know how they are likely to encounter an attack and the role they play in defending against it."

Mark Nicholls, CTO of infosec biz Redscan, agreed, saying: "The fact that such a large number of universities don't deliver cyber security training to staff and students, nor commission independent penetration testing, is concerning. These are foundational elements of every security program and key to helping prevent data breaches." ®
