Express Computer
Home  »  Industries  »  Education  »  Hackers targeting UK education sector, warns nodal cyber agency

Hackers targeting UK education sector, warns nodal cyber agency

0 47
Read Article

The UK’s nodel cyber agency on Thursday warned that cyber criminals are increasingly targeting universities with ransomware attacks and there has been a trend for cyber criminals to threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid.

In July, hackers compromised student and alumni data at least eight universities in the UK and Canada including University of York, University College, Oxford, University of Leeds and University of London via a massive attack on a US-based software provider called Blackbaud.

The UK’s National Cyber Security Centre (NCSC) said in the latest update that the targeted ransomware attacks on the UK education sector by cyber criminals are on the rise.

“This alert details recent trends observed in ransomware attacks on the UK education sector. It also provides mitigation advice to help protect this sector from attack,” NCSC said.

Since August this year, the NCSC has been investigating an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges and universities.

“There are many high-profile cases where the cyber criminals have followed through with their threats by releasing sensitive data to the public, often via ‘name and shame’ websites on the darknet”.

The NCSC observed that Remote Desktop Protocol (RDP) is one of the main protocols used for remote desktop sessions, enabling employees to access their office desktop computers or servers from another device over the internet.

Insecure RDP configurations are frequently used by ransomware attackers to gain initial access to victims’ devices.

“Often, the attacker has previous knowledge of user credentials, through phishing attacks, from data breaches, and credential harvesting. User credentials have also been discovered through brute force attacks because of ineffective password policies,” the agency said.

The July hack involved data of former students, staff, existing students and other supporters. In some cases, the stolen data included phone numbers, donation history and events attended.

“Recently, attackers have also been seen to sabotage backup or auditing devices to make recovery more difficult, encrypt entire virtual servers, use scripting environments (PowerShell) to easily deploy tooling or ransomware,” the NCSC said.

The NCSC recommended that organisations implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks.


If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]


Get real time updates directly on you device, subscribe now.

Subscribe to our newsletter
Sign up here to get the latest news, updates delivered directly to your inbox.
You can unsubscribe at any time

Leave A Reply

Your email address will not be published.

Virtual Conference

Leading the future for the connected world

The ability to adapt to new technologies while supporting critical systems requires a smart network infrastructure.
Know how to deliver a seamless customer experience from cable to cloud.
Register for Free