Complex Made Simple

Exclusive: Here’s why academic institutions are legitimate targets for cyberwarfare

Education, together with retail, faced the highest level of ransomware attacks during 2020, with 44% of organizations having been hit

Attackers are more interested in the innovative research initiated on higher education campuses Firewalls and VPNs are targets due to the shift in student and instructor access brought on by online learning Aqdar E-Safe Schools, an intelligent security framework, was implemented across UAE public and private schools

Education, together with retail, faced the highest level of ransomware attacks during 2020, with 44% of organizations having been hit (compared to 37% across all industry sectors), according to a report by Sophos.

The total bill for rectifying a ransomware attack in the education sector was on average $3.64 million.  These are surprising figures considering that educational institutions are not considered cash cows like financial, insurance, or global retail corporates.

In an exclusive interview with Gaurav Mohan, VP Sales, SAARC & Middle East, NETSCOUT, we looked at why education was on the target list of attackers

1- Why was education (K-12 or tertiary education) a target in 2020 and why is it still one today?

Network expansion was prompted by online learning. Cybercriminals are launching a wave of attacks using the new threat surface produced by online learning outside the core network. The goal was to cause havoc and disturbance to bring an online session to a halt. With a global increase in dependence on online learning during the pandemic, attackers inevitably took advantage of this, and it appears that this phenomenon will continue long after the pandemic.

2- Are they after critical scientific data? Academic research?  

Higher education institutions keep track of employees’ and alumni’s personal information for years, including dates of birth, identification numbers, and social security numbers. However, the intellectual property that colleges store on their networks is far more valuable.

Attackers are more interested in the innovative research initiated on higher education campuses, as these range across various fields and could therefore instigate a more significant payout.  A reference blog can be found here.

3- Are schools and universities cash cows for cybercriminals?

Following a successful hack, educational institutions may face fines, large-scale lawsuits, and remediation costs. Institutions are frequently obliged to pay for forensic investigations, information call centers, and even free credit and identity monitoring for those harmed. A blog explaining this is here

The 2021 Cost of Data Breach Study conducted by Ponemon Institute found that the average consolidated total cost of a data breach in the UAE can reach $4.24 mn, while the global average price of a data breach in the educational sector is $4.77 mn. To avoid fines, lawsuits, and remediation costs, educational institutions are thus more likely to be willing to pay the price, meaning they are an easier target for cybercriminals.

4- How can UAE academic institutions combat these threats?

According to NETSCOUT’s Threat Intelligence Report, the education sector has ranked as the 7th most targeted vertical in the UAE facing the threat of distributed denial-of-service (DDoS) attacks. Schools may need to deploy a range of mitigation measures and security postures due to the number and type of DDoS cyberattacks they may face and the complexity of each institution’s network. However, investing in on-premises security is a wise first step.

This is a significant shift for many schools, particularly K-12 institutions because many, traditionally, have not been appealing targets. Today, the question is more about when, not if, an attack will occur. Industry experts agree that the optimum overall mitigation method is a multi-layered DDoS defensive system.

5- Where are the weaknesses (VPN, Cloud, peripherals)?

The new threat environment, which has emerged from the online learning trend outside the core network, has allowed threat actors a far easier route for significant cyberattacks.  Virtual private networks (VPNs), or online SaaS-based services, commonly connect these endpoints to the network.

Firewalls and VPNs are becoming increasingly prevalent targets due to the shift in student and instructor access brought on by online learning. Furthermore, attackers are launching more minor attacks to avoid being caught by many warnings at cloud scrubbing centers.

6- What defense mechanisms are in place for education institutions?

Since attackers can now conduct attacks that evade upstream protection, on-premises defense is required. To avoid alerts exposing the bad actors, attacks on the application layer, more minor attacks, TCP floods, and attacks against VPNs and firewalls are used. The possibility of compromised hosts within the network communicating with recognized command-and-control (C2C) infrastructures on the internet for further virus exploitation heightens the threat to educational institutions.

7- What are some UAE initiatives to educate students/admin about the challenges they may face in the digital world, especially in the age of remote learning and virtual classes?

To assist schools in evaluating the safety of their e-learning methods, the UAE has a world-class program in place, and educational institutions have been collaborating with authorities to maintain their services safe.

Aqdar E-Safe Schools, an intelligent security framework, was implemented across public and private schools in the UAE last year. This program informs students about the difficulties they may encounter in the virtual world and what occurs when technology is exploited and what they should do in the event of a hack.

8- When are schools and universities most vulnerable to attacks (at the start, middle, or end of the curricular year)?

According to MS-ISAC data, ransomware attacks on K-12 schools spiked as the 2020 school year began. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared with 28% of all reported ransomware incidents from January through July.

According to a six-month review of DDoS activity across worldwide education networks by the NETSCOUT ATLAS Security Engineering and Response Team (ASERT), it can be seen when comparing the first two quarters of both 2019 and 2020 that the first quarter in each year witnessed more cyberattacks. More on this here