The UK’s nodel cyber agency on Thursday warned that cyber criminals are increasingly targeting universities with ransomware attacks and there has been a trend for cyber criminals to threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid.
In July, hackers compromised student and alumni data at least eight universities in the UK and Canada including University of York, University College, Oxford, University of Leeds and University of London via a massive attack on a US-based software provider called Blackbaud.
The UK’s National Cyber Security Centre (NCSC) said in the latest update that the targeted ransomware attacks on the UK education sector by cyber criminals are on the rise.
“This alert details recent trends observed in ransomware attacks on the UK education sector. It also provides mitigation advice to help protect this sector from attack,” NCSC said.
Since August this year, the NCSC has been investigating an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges and universities.
“There are many high-profile cases where the cyber criminals have followed through with their threats by releasing sensitive data to the public, often via ‘name and shame’ websites on the darknet”.
The NCSC observed that Remote Desktop Protocol (RDP) is one of the main protocols used for remote desktop sessions, enabling employees to access their office desktop computers or servers from another device over the internet.
Insecure RDP configurations are frequently used by ransomware attackers to gain initial access to victims’ devices.
“Often, the attacker has previous knowledge of user credentials, through phishing attacks, from data breaches, and credential harvesting. User credentials have also been discovered through brute force attacks because of ineffective password policies,” the agency said.
The July hack involved data of former students, staff, existing students and other supporters. In some cases, the stolen data included phone numbers, donation history and events attended.
“Recently, attackers have also been seen to sabotage backup or auditing devices to make recovery more difficult, encrypt entire virtual servers, use scripting environments (PowerShell) to easily deploy tooling or ransomware,” the NCSC said.
The NCSC recommended that organisations implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]