The COVID-19 pandemic caused educational disruption around the globe, as nationwide lockdown measures forced many schools to temporarily close their doors.
This led to a marked rise in e-learning, where teaching is delivered remotely via digital platforms. The wider adoption of e-learning platforms also brought challenges, exposing higher education institutions to cyber threats such as ransomware attacks and data theft.
Ransomware attacks remain a problem for many industries. For the education sector, however, they have grown into a major cause for concern because of the remote learning arrangement: students are receiving their teaching online while many faculty members are also working remotely. A cybersecurity firm, BlueVoyant, reported that ransomware attacks against universities around the world doubled year-on-year in 2020 due to the massive shift to online teaching and learning.
In its latest cybersecurity campaign on higher education institutions, BlueVoyant ran an analysis on 2,702 universities across 43 countries from January 2019 to September 2020. The report revealed that ransomware attacks on universities had increased by 100% and the average ransom payouts by these institutions neared half a million dollars.
The recorded spike in the number of ransomware attacks could be explained by the observed lapses in the security architecture of these institutions: 22% of the universities had open or unsecured Remote Desktop Protocol (RDP) ports, and 66% had not set up email authentication protocols such as SPF, DMARC and DKIM to secure their systems against phishing. These two attack vectors (RDP and email phishing) gave cyber attackers an entry point into the networks of these institutions and, consequently, a means to launch ransomware attacks.
Victims of these attacks will likely consider paying hundreds of thousands of dollars, mostly in bitcoin equivalent, to restore their network as soon as possible because students and staff are reliant on the network being available for academic activities.
Data theft was another threat observed during the period under review, accounting for about 50% of the events recorded in 2019. A number of these breaches were linked to e-learning tools and video conferencing platforms such as ProctorU, Chegg, and Zoom. BlueVoyant noted that credential lists of many university staff members are trafficked on the dark web and attributed this to poor password management, as password reuse and simple credentials were commonplace. The report also highlighted 200 attacks from state-sponsored data thieves, with the caveat that the actual number of attacks during the period under review was likely higher.
Due to the rapid pivot to online learning, university IT departments are mostly overstretched or preoccupied with ensuring students and staff have the necessary tools to conduct remote learning. As a result, they might not be as focused on the institution’s information security posture, which gives cybercriminals an opening to exploit.
Some key initiatives that universities can begin to pursue to harden their security architecture and reduce their chances of falling victim to cybercriminals include requiring multi-factor authentication for all email accounts and continuously monitoring the network for abnormal behavior, such as fast logins to multiple accounts from the same location.
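The monitoring rule mentioned above, fast logins to multiple accounts from the same location, can be sketched as a sliding-window check over authentication events. This is an added example, not taken from the BlueVoyant report; it assumes a hypothetical four-field log line (timestamp, source IP, account, outcome), treats the source IP as the "location", and uses illustrative threshold and window values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2020-09-14T08:00:05 198.51.100.23 alice FAIL
2020-09-14T08:00:21 198.51.100.23 bob SUCCESS
2020-09-14T08:00:40 198.51.100.23 carol FAIL
2020-09-14T08:01:02 198.51.100.23 dave SUCCESS
2020-09-14T08:01:30 198.51.100.23 erin FAIL
2020-09-14T08:02:00 203.0.113.7 frank FAIL
2020-09-14T08:02:15 203.0.113.7 frank SUCCESS
2020-09-14T09:00:00 192.0.2.10 grace SUCCESS
2020-09-14T11:00:00 192.0.2.10 heidi SUCCESS
2020-09-14T13:00:00 192.0.2.10 ivan SUCCESS
2020-09-14T15:00:00 192.0.2.10 judy SUCCESS
malformed line without enough fields
"""

def parse_events(text):
    """Yield (time, ip, account, outcome) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2].lower(), parts[3]

def find_multi_account_sources(events, window=timedelta(minutes=5),
                               threshold=4, allowlist=frozenset()):
    """Return {ip: accounts} for sources that tried >= threshold accounts within window.

    Failed and successful attempts both count. allowlist holds known shared
    egress addresses (campus NAT, lab proxies) that would otherwise trip the rule.
    """
    recent = defaultdict(deque)   # ip -> (time, account) pairs still inside the window
    flagged = defaultdict(set)
    for when, ip, account, _outcome in sorted(events):
        if ip in allowlist:
            continue
        queue = recent[ip]
        queue.append((when, account))
        while when - queue[0][0] > window:   # drop events older than the window
            queue.popleft()
        accounts = {a for _, a in queue}
        if len(accounts) >= threshold:
            flagged[ip].update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}
```

Repeated attempts against one account and the same four accounts spread over several hours do not trip the rule; only the burst across distinct accounts does.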