Cyber threat to disrupt start of university term
Universities and colleges are warned by the UK cybersecurity agency that a growing number of cyber attacks threaten to disrupt the start of their mandate.
The National Cyber Security Center has issued a warning after a recent spike in attacks on educational institutions.
These were “ransomware” incidents blocking access to computer systems.
Paul Chichester, NCSC director of operations, says such attacks are “reprehensible”.
The return to school, college and university, already struggling with problems with Covid-19, now faces an increased risk of cyber attacks, which according to the security agency could “sidetrack preparations for the new mandate”.
The cybersecurity agency, part of the GCHQ intelligence agency, says such attacks can have a “devastating impact” and take weeks or months to remedy.
Newcastle University and Northumbria both came under cyberattacks this month and a group of higher education institutions in Yorkshire and a higher education college in Lancashire came under attack last month.
The NCSC warning follows a series of ransomware attacks against academic institutions, in which malicious software or “malware” is used to ban users from their computer systems, paralyzing online services, websites and telephone networks.
The security agency says this is often followed by a ransom note demanding payment for the recovery of this frozen or stolen data, sometimes with the added threat of publicly releasing sensitive information.
Universities have often been the target of cyber attacks, with up to a thousand attacks per year in the UK.
Attacks can be attempts to obtain valuable commercially and politically sensitive research information. Universities also hold a lot of personal data on students, staff and, in some cases, alumni who may have made donations.
Earlier this summer, more than 20 universities and charities in the UK, US and Canada were involved in a ransomware cyber attack involving a cloud computing provider, Blackbaud.
The NCSC warning highlights the vulnerability of online systems for remote work, as more staff work from home.
“Phishing” attacks, in which people are tricked into clicking on a malicious link like in an email, remain a common path for such ransomware attempts, the council says.
Mr. NCSC’s Chichester says, “The criminal targeting of the education sector, particularly at such a difficult time, is absolutely reprehensible.”
“I strongly urge all academic institutions to heed our alert.”
The intervention was supported by Jisc, the body that provides internet services to UK universities and research centers.
Jisc’s Steve Kennett says that after the wave of cyber attacks on the “education and research community,” institutions need to act to mitigate risks.
Universities UK states that data security has become a priority for higher education and that “safeguards are in place to handle threats as much as possible”.
The university also says it is working with the NCSC to produce “robust cybersecurity guidelines” that will be released by the end of the academic year.