University Cyber Attacks Down To Students, Staff

Organised crime and hacking groups may not be responsible for the spate of cyber-attacks against universities and colleges in the UK.

This is said to be the conclusion of a security analysis of the attacks carried out by Jisc, the UK provider of ICT (Information and Communications Technology) services for the education sector.

The analysis has reportedly concluded that staff or students could instead be responsible, rather than outside hackers.

Holiday breaks

According to the BBC, Jisc examined the timing of 850 attacks in 2017-2018 and it found a “clear pattern” of attacks being concentrated during term times and during the working day.

When holidays begin, the report said that “the number of attacks decreases dramatically”.

This led the report to conclude there are “suspicions that staff or students could be in the frame.”

The report apparently says that rather than hacking groups or online criminals, the findings instead suggest that cyber attacks on universities and colleges are more likely to have been caused by disgruntled staff or students wanting to provoke “chaos”.

“It’s notoriously difficult to identify individual cyber-criminals,” Dr John Chapman, head of security operations for Jisc is quoted by the BBC as saying.

The report showed that the peaks and troughs of attacks mirror when students and staff were most likely to be present.

They increased from 08:00 or 09:00 and then tailed off in the early afternoon. There was a very sharp decline in attacks in the Christmas, Easter and summer breaks and during half-terms – with attacks rising again sharply when terms resumed.

The report found that there had been more than 850 attacks across the academic year, aimed at almost 190 universities and colleges.

Expert take

One security expert has warned that universities need to do more to warn both students and staff of the impact of cyber attacks.

“Some of this will come down to educating staff and students,” said Nick Murison, managing consultant at Synopsys. “Campus networks can feel like safe places for students to try their hand at hacking, with some of the activity being down to curiosity as opposed to any intentional malice.”

“Staff may feel that their data doesn’t warrant much protection as it’s ‘just research data’ that holds little commercial value, and so may not take appropriate steps to secure their systems,” said Synopsys’ Murison. “University IT departments are constantly battling ‘shadow IT’, with students and staff connecting various systems to the network that are not centrally managed, and are often not secured.”

“Universities should ensure that everyone understands the impact of lax security and ‘messing around’, both through education campaigns and making it clear that there are real-world consequences for violating IT security policies, not to mention the law,” he said.

Murison said that universities have to enforce strong security controls for both internal and external systems, and enforce principles of least privilege.

“You cannot simply rely on a strong external perimeter; you have to harden all systems in anticipation of attacks from both the outside and the inside,” he said.

Another expert said it was little surprise that the attacks were coming from insiders.

“It’s no great surprise to hear that universities are suffering at the hands of insiders,” said Simon Cuthbert, Head of International, 8MAN by Protected Networks. “Whist external threats exist, the fact is that 80 percent of breaches are internal, and no network is exempt from the threat of these hackers, whether malicious or accidental.”

“The risks to universities are much the same as any given organisation, and these internal hacks often occur because users have too many permissions and access to data that they do not need,” said Cuthbert.

“IT teams need to be able to get a clear and simple view of who has access to what,” he said. “Once they have that baseline they can then work to understand why they have this access and whether it is required? They can then work on the process of repairing the permissions structure. As time goes on, managing permissions becomes much less taxing and far more rewarding when hacks of this nature can be thwarted.”

In 2016 security firm SentinelOne found that British universities were being actively attacked by ransomware.

SentinelOne submitted freedom of information (FoI) requests to 71 British universities to see if they had suffered a ransomware attack in 2016. It seems that 58 universities replied, and 23 admitted they had been attacked in the last year.

How much do you know about hackers? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago