Ransomware: Sharp rise in attacks against universities as learning goes online
The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks.
Analysis of ransomware campaigns against higher education found that attacks against universities during 2020 were up 100 percent compared to 2019, and that the average ransom demand now stands at $447,000.
Privacy
The sharp rise in the number of ransomware attacks, combined with the six-figure sums ransomware gangs demand in exchange for the decryption key means ransomware represents the number one cybersecurity threat for universities, according to the research by tech company BlueVoyant.
SEE: Network security policy (TechRepublic Premium)
Ransomware is a problem across all sectors, but for higher education it currently represents a particular problem because the ongoing COVID-19 pandemic means that students are receiving their teaching online while many academics are also working from home.
Overstretched IT departments might not have the ability to fully address security, providing cyber criminals with an opening to exploit.
"Operating in the middle of the pandemic provides even greater opportunity for the adversary," Austin Berglas, global head of professional services at BlueVoyant told ZDNet.
Berglas said IT staff are already busy ensuring students and staff have the necessary tools to conduct remote learning, from device configurations and the installation of new software and cameras to assisting end users that are having problems with the new technology. "These schools may not have the resources to properly secure the network," he said.
That means that universities could be considered an easy target for cyber attackers – and the lack of IT resources, combined with students and staff being reliant on the network being available, means that many victims of ransomware attacks in higher education will consider paying a ransom demand of hundreds of thousands of dollars in Bitcoin in order to restore the network as quickly as possible.
Researchers suggest that in many cases, cyber criminals are specifically targeting universities because they perceive them to be a soft target, and one from which it is easier to extract a ransom payment than businesses in other areas, which might potentially provide more lucrative targets, but that require more effort from attackers.
According to the report, more than three-quarters of the universities studied had open remote desktop ports, and over 60% had open database ports – both of which provider cyber attackers with an entry point into networks and a means to eventually deliver and execute ransomware attacks.
SEE: Phishing: These are the most common techniques used to attack your PC
While cyberattacks and ransomware continue to pose a threat to universities – and will continue to do so even after in-person teaching resumes – there are things that can be done in order to improve cybersecurity and reduce the chances of falling victim to malicious hackers.
This includes applying multi-factor authentication across all email accounts, so if cyber criminals can breach login credentials, it's much more difficult to exploit them for access around the network.
"Ensure multi-factor authentication using a single sign-on solution. Multi-factor authentication will prevent the majority of phishing attacks, which is one of the top ways ransomware is being deployed," said Berglas.
It's also recommended that universities monitor networks for abnormal behaviour, such as fast logins or logins to multiple accounts from the same location, as that could indicate suspicious activity.
MORE ON CYBERSECURITY
- University warns that 'serious cyber incident' could take weeks to fix
- How ransomware attackers are doubling their extortion tactics TechRepublic
- University of California SF pays ransomware hackers $1.14 million to salvage research
- FBI and European law enforcement shut down VPN used by ransomware groups CNET
- Ransomware: Attacks could be about to get even more dangerous and disruptive