Ethical hackers cripple cyber defense of universities within two hours

• The test attacks were conducted on more than 50 universities present in the UK.
• The hacker team also obtained sensitive data after breaking into these systems in those two hours.

A team of ethical hackers has successfully intruded cyber defense systems employed by universities across the UK. The test attacks were merely done in a span of two hours.

The team was from Jisc -- an organization that provides internet services to the majority of UK’s universities. The experts could access and view personal data, finance systems, and research networks.

Worth noting

• In the test attack, the team accessed student and staff information, overrode finance systems as well as accessed research databases. Some of the simulated attacks were done in just an hour.
• One of the techniques deployed by the team was spear-phishing to drop malware into these systems through phishing emails.
• Over 50 universities’ systems are said to be compromised by this attack with some systems being attacked repeatedly multiple times.

What led to the issues?

John Chapman, head of security operations at Jisc suggests that the universities’ lack of cybersecurity knowledge being the reason for growing attacks in the country. Chapman told BBC that, “...we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills, and investment. Cyber-attacks are becoming more sophisticated and prevalent and universities can't afford to stand still in the face of this constantly evolving threat.”

All in all, the UK has witnessed thousands of breaching attempts on systems belonging to the universities in the past year. It is high time for the education sector to step up its game and employ necessary cybersecurity measures to safeguard academic computer networks.