Universities and colleges are being warned of a rising number of cyber attacks that could threaten the start of term.
The alert from the National Cyber Security Centre (NCSC) follows an investigation into a recent spate of attacks on colleges and universities around the country, including ransomware attacks that disrupted Newcastle and Northumbria universities at the start of September.
The NCSC is recommending that organisations implement a 'defence in depth' strategy to protect against the threat of malware. This approach recommends the use of a layered system of security measures with multiple defence mechanisms ready to step in if one is compromised.
Organisations are also being advised to implement an incident response plan, which should include a scenario for a ransomware attack that has been fully exercised.
"This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible," said Paul Chichester, director of operations at the NCSC.
"While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted."
RELATED RESOURCE
2020 email security strategy guide
A people-centric approach to stopping malware, phishing, and email fraud
The NCSC's investigation began in August, shortly after cloud service provider Blackbaud notified its customers that it had been hit by ransomware, a clientele that is mostly made up of non-profit organisations and education providers. A number of universities and colleges were reported to have lost data in the attack.
At the start of September, Northumbria University was forced to cancel exams and shut down its clearing hotline after a cyber attack. This was swiftly followed by a similar incident at Newcastle University, which forced a number of online support services offline.
Ahead of the new academic year, with students returning to universities and colleges under social distancing measures, the NCSC has issued a set of security recommendations. These include an effective vulnerability management and patching procedure, the use of multi-factor authentication, the scrapping of scripting environments and macros, and the installation of antivirus software to prevent phishing.
-
Manufacturers report millions in losses as downtime wreaks havoc on operationsNews UK manufacturers are losing up to £736 million every week due to downtime, according to new research, with outages lasting for several days on end.
-
Microsoft gives OpenAI restructuring plans the green lightNews The deal removes fundraising constraints and modifies Microsoft's rights to use OpenAI models and products
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
