A recent report found that Higher Education Institutions have now become the number one target for ransomware and other malware attacks. The report revealed that one in 10 education organizations have found that ransomware has infected their networks.

Academic institutions must maintain an unusually open cyber environment to ensure access for all, which makes them a target for cybercriminals and leaves their research and student data at risk. Hackers launch ransomware attacks that target faculty, staff and internal resources. The attacks usually start with a phishing campaign – the type that led to the Olympians’ medical data being leaked – featuring a variety of lures that are irresistible to students and faculty, tricking them into clicking on a malicious document or website that automatically downloads a variety of ransomware and malware.

Michael Patterson, CEO of Plixer, says, “While College IT teams are busy trying to stay ahead of the latest techniques that hackers employ, colleges need to take a proactive approach in educating both faculty and students on safe computing. Ransomware for hackers has proven to be very effective for generating profits. The educational environment is a top target for ransomware, as the BitSight data demonstrates, because of the open access necessary for an educational environment. This invites hackers to target a huge student and faculty population that can be quite vulnerable. Many ransomware attacks start with a simple phishing lure to encourage students to click on a URL, malware document or website and in a flash their documents or even their hardware is locked up and held for ransom.”

Although ransomware has been getting the most attention due to its prevalence, there are a myriad of other computer issues that school IT Teams have had to face. In March, just after the College Board released its new SAT Test Questions, a massive breach was discovered that exposed hundreds of the Test Questions. Penn State’s Engineering Department was penetrated by malware that forced the college to take its networks offline after sustaining an intrusion into the College of Engineering that had lasted longer than two years.* The university estimated that it has spent roughly $2.85 million responding to the attacks with $450,000 paid to external experts and the remaining $2.4 million spent on replacing infected hardware. Just recently, Butler University student emails were blocked due to a spam link during the first weekend of September.

Most recently, Denial-of-Service Attacks have spiked. A 129% increase in DDoS attacks in the second quarter of 2016 has been recorded, compared to the same period last year, according to a report by Akamai.* While campus IT teams have had to defend against these types of attacks, there is also a twist in this scenario. IT teams now should be ensuring that their CCTVs and other IoT devices are not compromised and participating in DDoS attacks. These are just a few examples of what colleges are exposed to every day.

Possible Precautions for IT Teams

DNS monitoring is one of the most underutilized, yet highly effective ways for Universities to protect themselves against ransomware. Some organizations force updates on devices when they attempt to use the Internet. This strategy can give security admins peace of mind that everyone is compliant. Students who don’t comply simply aren’t able to get on-line. What’s additionally helpful is that logs from the updates processed can be compiled, so that habitually non-compliant users can be identified and required to attend on-line security training sessions.

To help educational institutions, Plixer has developed a free app that helps students and faculty learn to spot and avoid phishing attacks. The app is called Click Click Phish and can be found here: https://www.plixer.com/phishing-attack-education/click-click-phish.html

For more resources, see www.plixer.com

* https://thebutlercollegian.com/?p=25542

https://threatpost.com/penn-state-offline-following-advanced-two-year-cyberattack/112872/

http://www.darkreading.com/attacks-breaches/relentless-ddos-attack-incidents-raise-alarm-for-businesses/d/d-id/1327096?

About Plixer:

Plixer is a leader in delivering massively scalable flow collection with behavior and traffic-pattern monitoring, enabling organizations to rapidly identify threats and provide surgical incident response. By collecting flow data from existing network and security systems and offering the industry’s fastest and most comprehensive reporting, Plixer customers gain deep visibility and context, vastly reducing time to resolution. DVR-like replay, via a graphical display, delivers granular forensic details corresponding to events. Plixer provides the data you need, when you need it most. Learn more at Plixer.com, stay connected with the Plixer blog, and follow us @Plixer.

 

About the Author:

Contributor

