Why Cybersecurity is a Major Issue for Higher Ed
1. Techniques Evolve FAST
Bad actors continually invest significant time and money in developing and adapting targeted threats that bypass the defenses an organization has built. They use a wide range of sophisticated and evolving techniques that make it very difficult for any higher education institution to have a 100-percent-effective approach to security. As new attack vectors develop, organizations face increased exposure and increased risk.
2. Domain Name System (DNS)
One common factor seen across many threats is the use of the Domain Name System (DNS). DNS is a core Internet protocol and arguably one of its most critical components. When a user types www.example.com into their browser, the request is resolved by the recursive DNS infrastructure to identify the IP address of the web server that hosts example.com. An easy way to think about DNS is as a phone book for the Internet: it translates easy-to-remember resource names into the IP address of the server where that resource is located.
However, DNS has no intelligence to determine whether a requested domain is safe or a malicious domain that hosts malware; it returns the IP address for good and bad domains alike. So, if a user in an organization receives a phishing email and clicks on the link in it, DNS will answer the request with the IP address of the server that hosts the phishing domain.
Malware is another example. Once installed on a device, it behaves like any other software and tries to install additional components or receive updates. For the vast majority of modern malware, calling home means making a DNS request to find out which command and control (C2) server it should connect to. Using DNS gives the attacker more flexibility than a hard-coded IP address, which is easier for authorities to track down and for enterprises to block with a simple firewall rule.
In a further example, DNS data exfiltration uses DNS requests to encode confidential information and send it outside the organization. This could be credit card numbers, user logins and passwords, social security numbers, and so on. The malicious actors decode the information and then sell or rent that data, or use it to launch further attacks. Given the volume of DNS requests in a typical enterprise, it is not practical to inspect every packet.
3. Obfuscation Techniques
Alongside C2 and DNS data exfiltration, bad actors also use obfuscation techniques such as Domain Generation Algorithms (DGAs) and fast-flux domains to make the malicious DNS requests difficult for organizations to detect and block.
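As an added illustration, not part of the original article, the following Python script applies two of the simplest defender-side heuristics for the DNS abuse described above (encoded exfiltration data and DGA-generated names) to a resolver log: unusually long labels, which is how encoded data rides inside query names, and random-looking (high-entropy) labels typical of DGA domains. The log lines, the .test domain names and the thresholds are all constructed for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, one "timestamp client qname qtype" record per line.
# Not from any real capture; the .test TLD is reserved and the names are invented.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.1.2.3 www.example.com A
2024-03-01T10:00:02Z 10.1.2.3 cdn.example.com A
2024-03-01T10:00:03Z 10.1.2.9 4a6f686e20536d6974682c2043617264203431313131.t1.exfil-demo.test TXT
2024-03-01T10:00:04Z 10.1.2.9 353530302030303030203132333420353637382e.t2.exfil-demo.test TXT
2024-03-01T10:00:05Z 10.1.2.9 zxkqvmwjprtlsbdhgfycn.dga-demo.test A
2024-03-01T10:00:06Z 10.1.2.9 qwlpzbmtrxfnkjhgdvcs.dga-demo.test A
2024-03-01T10:00:07Z 10.1.2.9 mnbvcxzlkjhgfdsapoiuy.dga-demo.test A
2024-03-01T10:00:08Z 10.1.2.3 mail.example.com MX
"""

def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values()) if s else 0.0

def base_domain(qname):
    # Simplification: treat the last two labels as the registrable domain (no public-suffix list).
    return ".".join(qname.split(".")[-2:])

def classify(qname, long_label=30, dga_len=12, dga_entropy=3.5):
    """Return the reasons a query name looks suspicious (empty list if none)."""
    longest = max(qname.split("."), key=len)
    reasons = []
    if len(longest) >= long_label:
        reasons.append("long label: possible encoded data (exfiltration/tunnel)")
    elif len(longest) >= dga_len and shannon_entropy(longest) >= dga_entropy:
        reasons.append("random-looking label: possible DGA")
    return reasons

def analyse(log_text):
    """Map each suspicious qname to its reasons, and count suspicious queries per base domain."""
    per_query, per_domain = {}, defaultdict(int)
    for line in log_text.splitlines():
        _ts, _client, qname, _qtype = line.split()
        reasons = classify(qname)
        if reasons:
            per_query[qname] = reasons
            per_domain[base_domain(qname)] += 1
    return per_query, dict(per_domain)

if __name__ == "__main__":
    queries, domains = analyse(SAMPLE_LOG)
    for qname, reasons in queries.items():
        print(qname, "->", "; ".join(reasons))
    print("suspicious queries per domain:", domains)
```

The per-domain count is what makes these heuristics usable in practice: a single odd-looking name is noise, but a base domain that keeps accumulating them is worth blocking at the resolver.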
The big challenge that higher education institutions face is that they often have limited visibility into the threat landscape specific to them. As a result, one institution is likely to have a very different view of the threats it faces than another institution does.
That means that when a college or university faces a threat it has not seen before, it takes longer to identify and remediate the problem.
Given the evolving and expanding threat environment, institutions need to share information to improve the cybersecurity posture across the entire higher education market.