Educational institutions have always been a lucrative target for cybercriminals because of the amount of sensitive data they hold. With the shift to a remote learning and teaching environment, they have become even more vulnerable.
Facts and findings
- Most of the attacks were observed in North America, followed by Western Europe and Western Asia.
- The majority of threats involved attack vectors such as unauthorized access via weak credentials, spoofing, phishing, and spam emails.
- Most of the attacks were financially motivated, while in several instances the goal was theft of intellectual property.
Nation-states and APTs
Here are some recently observed attacks on educational institutions by nation-state hackers or APTs:
- The Defence Academy of the U.K., which comes under the U.K.'s Ministry of Defence, was allegedly targeted by state-sponsored hackers from Russia and China.
- One of the major attack campaigns, Earth Vetala, was launched by the Iran-based threat group MuddyWater. It targeted education entities in the UAE, Bahrain, Saudi Arabia, Israel, and Azerbaijan.
Ransomware - a prominent threat
Ransomware attacks are still one of the most common threats faced by the educational sector.
- A spike in ransomware attacks targeting schools, colleges, and universities was observed in the U.K.
- The FBI has warned about ongoing and increased Pysa ransomware activity targeting educational institutions.
- Staring College was targeted by a cyberattack and had to pay a ransom to regain its locked files.
- The Clop ransomware group leaked the personal details of students and patients at the University of Colorado and the University of Miami, which were stolen from their Accellion FTA servers.
Other institutions that recently suffered attacks
Several other institutions, including the University of Central Lancashire, Chester Upland School, and Oxford University, were also targeted by cybercriminals for various motives, including direct financial gain and theft of intellectual property.
The education sector continues to face more attacks from threat actors of all kinds, including nation-state hackers, APT groups, and financially motivated ransomware operators. It is therefore important for academic institutions to stay protected by giving their employees ample training on, and awareness of, common attack vectors.