Academia is Still a Preferred Target for Cyberattacks. In our blog post of June 6 last year, we wrote that although the attacks in the academic sector had received much less media attention than those in other sectors, academic institutions have been favorite targets of cybercriminals for over 3 decades. We also mentioned that those attacks are not likely to go away. Sadly enough, this has proved to be true.
|March 2018||140 American research universities and 3,700 professors||Iranian MABNA APT attacks (see below)||Iranian hackers accessed data valued at $3 billion. Overall, 31 terabytes of academic data and intellectual property from more than 8,000 professors at more than 300 institutions worldwide were stolen.|
|July 2018||Augusta University (US)||Hackers gained access to personal and protected health information||Data breach to personal and protected health information of 417,000 people|
|August 2018||Delhi University’s website||Hacker group Blackscorpian ProBro`s accessed the
website of Delhi University-affiliated Maharaja Agrasen College
|The hackers defaced the web site posting ‘stop killing Muslims’ and ‘Pakistan Zindabad’ message on the website. They also threatened to publish the whole database and online.|
|August 2018||The department of Pharmaceutical Science at Utkal University (India)||Important links on the page of revenue department’s portal were hacked||Cybersecurity experts pointed to the lack of regular maintenance of websites as a major concern|
|Universities in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.||Hackers (suspected to be Iranian hacker group COBALT DICKENS) used 16 domains containing more than 300 spoofed websites and 76 spoofed university login pages to steal credentials||Access to the universities’ online library systems to access academic resources online.|
Iranian MABNA APT
As we can see above, the motives of hackers differ greatly, varying from making political statements and hacking for profit to obtaining cutting-edge research data. In case of the Iranian MABNA hacker group that was working on behalf of the Islamic Revolutionary Guard Corps, the computers of 7998 professors at 320 universities around the world were hacked during the past 5 years. The targeted universities were located in the US, United Kingdom, Canada, Australia, France, Spain, Germany, Ireland, Italy, the Netherlands, Switzerland, Denmark, Sweden, Turkey, China, Japan, South Korea, Singapore, Malaysia, Saudi Arabia, Israel and South Africa. In all cases, it is clear that they were not randomly selected. All targeted universities are prominent research, technical or medical universities. The hackers targeted more than 100,000 accounts of professors compromising approximately 8,000 of them.
The MABNA group used the following attack method:
- The hackers first conducted online reconnaissance of university professors for determining their research interests and published academic articles.
- A targeted and customized spear-phishing email was sent to each professor purporting that it came from a professor from another university.
- Once a targeted professor clicked on the link, they were directed to a malicious internet domain posing as they own university.
- The landing page claimed that the professor had been logged out by accident and was prompted to re-enter his/her user credentials.
- This gave the hackers free access to a treasure trove of academic research data.
- The stolen data were sent to Iranian authorities but also sold online on three websites:
- Megapaper.ir, that sold the stolen academic resources to customers inside Iran (including Iranian universities and institutions).
- Gigapaper.ir, that sold a service to customers in Iran allowing them to use the compromised professor accounts to directly access online library systems of US and other foreign universities.
- Uniaccount.ir, that sold the stolen accounts as well as individual research journal articles, e-books and other documents. The site also offers its customers different kinds of membership. Regular membership (for ~$5) provided access to a variety of academic journals and five articles from “rare journals” for a two-month period. Gold membership (for ~$15) provided access to passwords of the “best universities” and 15 articles from rare journals, also for two months.
Not only higher education are under attack, also schools are attractive for hackers, with teachers and parents being “soft targets”. For example, the social network Edmondo (which connects teachers, pupils and parents) was hacked last year. The sensitive data of 77 million account users was stolen and sold on the dark web for $1,000 per record.
Overall, universities and schools are attractive targets for various reasons. For starters, both of them manage and store the data of students/pupils, alumni, parents, and personnel (teachers/academic staff) databases. They also manage financial information, have private health data on record, and process financial transactions. Furthermore, many universities conduct cutting-edge academic research. Some universities also develop potentially valuable patents as well as trade-secret related data.
Furthermore, universities and schools are far less protected against cyberattacks than commercial enterprises for two reasons. Firstly, as an educational institution, they want to keep their open and accessible culture, while protecting the sensitive data of students, educators and (of course) their researchers.
Secondly, the educational sector does not have the cybersecurity tools and experience of e.g., the financial sector. That is the main reason that about a quarter of educational institutions are still ill prepared for a cyberattack.
In short, educational institutions are facing the same cyber security challenges as other sectors, varying from phishing attacks, unsecured personal devices, lack of security awareness, vulnerable exposed networks that can be accessed by unauthorized access, unsafe internet browsing habits and malware infections.
To protect their data, Cymulate offers these education institutions a convenient and easy way to test their cybersecurity posture. Cymulate’s Breach & Attack Simulation (BAS) platform allows a university or school to run real cyberattacks in their own environment (at any time, from anywhere) in a safe manner without harming their network in any way. This allows them to test their security posture and mitigate vulnerabilities and exposure before cyberattacks hit and penetrate the networks.
Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of Cymulate’s platform.
Don’t speculate, Cymulate