UK universities have been warned by the country’s cyber-security agency of looming threats as rising numbers of digital attacks risk disrupting the start of term, in which many students are reliant on online lectures and seminars.
The National Cyber Security Centre (NCSC) issued an alert to universities and colleges following a spike in cyber-attacks on higher educational institutions, most recently at Newcastle University, whose data was this week held ransom by hackers.
This attack – like others of recent times – was a ransomware incident, in which access to computer systems and data is blocked until the target institution hands over cash – usually in the form of crypto-currency, which is notoriously difficult to trace.
Northumbria University, also situated in Newcastle upon Tyne, also faced a cyber-attack this month, while a group of further education colleges in Yorkshire, as well as a higher education college in Lancashire, were targeted in August.
Paul Chichester, director of operations at the NCSC, described these incidents, which can take weeks to solve, as “reprehensible”.
The string of attacks come ahead of the start of the 2020/21 academic year, during which the vast majority of universities will rely heavily on online channels to deliver tuition, as social distancing restrictions, and in some areas local lockdowns, remain in place. Cambridge University announced that all lecture would be held online until next summer due to the Covid-19 pandemic.
The return to school, college and university now faces an increased risk from cyber-attacks, which, according to the NCSC, could “de-rail their preparations for the new term”.
In November last year, EducationInvestor Global reported at length on how hackers were worming their way into universities’ computer systems through holes created by simplistic yet detrimental email scams, enabling them to paralyse databases entirely in some cases.
The fresh warning from the NCSC follows a spate of ransomware and malware – a term prescribed to malicious software – attacks on academic institutions. The agency says that, after locking users out of systems and services, hackers will issue a note demanding payment for recovery of frozen or stolen data – sometimes accompanied by a threat to release sensitive information if demands are not met within a certain time-frame.
Because universities contain a trove of commercially and politically sensitive data – particularly those with extensive research capabilities – they are especially susceptible to attempts to obtain it through illegal means.
And, with the advent of remote learning, universities’ data and systems are at increased risk of infiltration, experts say.
Chris Boyd, lead malware analyst at Malwarebytes, an anti-virus software provider, said: “One major problem faced by universities is that while they can bolster their own defences, it could be a bridge too far to secure all of their students studying remotely. If attackers find campus networks too difficult to breach, they’ll likely turn attention to students who could still end up providing another route past security protocols.
“We’d urge all students to keep up to date with the latest best practice guidance issued by their university and help to keep everyone secure.”
Earlier this year, more than 20 universities and charities in the UK, US and Canada were involved in a cyber-attack on cloud-computing supplier Blackbaud.
Date published: 17 September 2020