Universities a 'huge target' for nation-state attackers, warns NCSC

Cardiff University

In an assessment of the state of cyber security of UK universities, the National Cyber Security Centre (NCSC) said state-sponsored espionage is among the most evident and damaging threats in the long-term to academia's elite.

Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it's important that these institutions remain cyber secure.

Ask key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data an intellectual property that outside threats would love to acquire.

"It is almost certain that state-sponsored actors are looking to steal data and information for strategic gain," said the NCSC. "Meanwhile, cyber criminals seek to commit fraud, or monetise stolen material through sale or ransom.

"Once access is gained, it is highly likely that both types of attacker will exploit facilities such as compromised email accounts, to further penetrate university systems."

The threat of state-sponsored espionage is particularly high for universities with world-leading research programs, according to the cyber security branch of GCHQ, and the damage of stolen data would extend to the UK's "larger national interest" and researchers who may lose the chance to 'publish first'.

Sensitive research such as that related to the military, national defence and in STEM is among the most prized data that attackers would want to target. Losing this would likely come at the detriment of both the university and the UK as a whole, the NCSC said.

For example, the university could become less valuable to investors if they're research is stolen through a cyber attack which would mean funding may be cut to future research projects. The UK would also become more vulnerable if our enemies gain information about how we protect the country.

Phishing is one of the key concerns universities should address, according to the NCSC, as it's a common way attackers can steal log-in credentials from students and staff. It can also lead to the downloading of malware which can be designed to steal data once it has infected a machine connected to the university's network.

"While employees in corporate organisations may have received awareness training, many students won't have the same experience in identifying and reporting phishing attacks," said Jordan Wright, Duo security principal R&D engineer.

"Similarly, unless you're involved with the information security industry and can stay on top of the ever-evolving tactics attackers use, you're less likely to recognise the tell-tale signs of a phishing email."

In August 2018 researchers discovered myriad phishing attempts on western universities, including the UK's, that ultimately stemmed from Iranian nation-state attackers. They created fake log-in pages to which victims were sent through email and then stole their university log-in credentials, mainly for their library systems so they could steal intellectual property.

A previous Iranian attack spanning four years was foiled in 2018 which saw hackers target 100,00 professors and ultimately made off with over 30 terabytes of academic data.

The NCSC advises universities to promote cyber security awareness of everyone on campus as phishing attacks try to exploit human tendencies but this can be particularly difficult for universities which see a high turnover of staff and students.

Due to this high turnover, the security body also encouraged strict access controls to be put in place and the partitioning of the network, keeping high-value data in different places to make it less easily accessible for attackers.

Lastly, universities should consider their computer network design and deploy a central means of management. Universities enjoy the freedom of many private networks for specific departments and functions but these can become difficult to manage and if left vulnerable, provide attackers with an entry point to a network.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.