In May 2020, the cloud computing provider Blackbaud, a major supplier to universities across the globe, was targeted by a ransomware attack. While Blackbaud managed to minimise the damage to its systems, the cyber criminals behind the attack managed to steal a subset of data. As a result, many universities in the UK, US and Canada lost data on existing students, alumni and donors. This data included phone numbers, donation history and event attendance.
Universities hold and process a great deal of information that could be exploited if it gets into the wrong hands. Often universities hold sensitive personal information on thousands of staff and students, making them prime targets for attack. In addition to personal information, universities also hold confidential research data which can be valuable to cyber criminals and state-sponsored actors.
Universities are prime targets
Universities are vital contributors to the economy, skills and innovation. They handle large amounts of personal and research data, intellectual property and other assets, all of which have significant value to others. According to the National Cyber Security Centre (NCSC), it is almost certain that state-sponsored actors are looking to steal data and information from universities for strategic advantage. Cyber criminals also target universities to commit fraud and monetise any stolen material through sale or ransom.
The types of data targeted
The kinds of data and information of interest to a cyber criminal or state-sponsored actor may be:
- Personal information on staff and students
- Technical resources such as documentation and standards
- Sensitive research and intellectual property
How this data is used varies, but every use serves the interests of the cyber criminal. For example, when an account is compromised, attackers often use its email to penetrate university systems further. Attackers have even been known to set up Outlook mail rules that divert any replies to their emails, which hides the conversations they hold while pretending to be the user and helps them avoid detection.
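One way to check mailboxes for the reply-diverting mail rules described above, as an added example that is not the University's own tooling. It assumes inbox rules have been exported as JSON records using the property names reported by Exchange's Get-InboxRule; the sample records, domain names, folder list and function names are constructed for illustration.

```python
import json

# Constructed sample data. Field names follow the properties that Exchange's
# Get-InboxRule reports; the JSON export layout itself is an assumption.
SAMPLE_RULES = json.loads("""[
 {"Mailbox": "a.staff@uni.example", "Name": "Newsletters", "Enabled": true,
  "MoveToFolder": "Newsletters", "MarkAsRead": false, "DeleteMessage": false},
 {"Mailbox": "b.staff@uni.example", "Name": ".", "Enabled": true,
  "MoveToFolder": "RSS Feeds", "MarkAsRead": true, "DeleteMessage": false},
 {"Mailbox": "c.student@uni.example", "Name": "sync", "Enabled": true,
  "RedirectTo": ["smtp:collector@mail.example.net"], "DeleteMessage": true}
]""")

INTERNAL_DOMAINS = {"uni.example"}  # assumption: the organisation's own mail domains
# Folders users rarely open, so mail moved there goes unnoticed (assumed list).
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "junk email",
                  "deleted items", "conversation history"}
RECIPIENT_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")

def external(addresses):
    """Return the addresses whose domain is not one of INTERNAL_DOMAINS."""
    found = []
    for entry in addresses or []:
        addr = entry.split(":", 1)[-1].lower()  # drop a leading "smtp:" prefix
        if addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def review_rule(rule):
    """Return the reasons an enabled rule deserves a human look (empty if none)."""
    if not rule.get("Enabled"):
        return []
    reasons = []
    outbound = [a for f in RECIPIENT_FIELDS for a in external(rule.get(f))]
    if outbound:
        reasons.append("sends mail outside the organisation: " + ", ".join(outbound))
    folder = str(rule.get("MoveToFolder") or "").lower()
    hidden = bool(rule.get("DeleteMessage")) or folder in HIDING_FOLDERS
    if hidden:
        reasons.append("removes matching mail from the inbox")
    if hidden and rule.get("MarkAsRead"):
        reasons.append("marks the hidden mail as read")
    if not str(rule.get("Name") or "").strip(" ."):
        reasons.append("blank or punctuation-only rule name")
    return reasons

def review_all(rules):
    """Map 'mailbox/rule name' to its reasons, for flagged rules only."""
    return {f"{r['Mailbox']}/{r['Name']}": why
            for r in rules if (why := review_rule(r))}
```

A flagged rule is a prompt for review with the mailbox owner, not proof of compromise, since users create forwarding and filing rules for legitimate reasons.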
Defending against attacks
The University of Stirling employs various methods to detect suspicious activity across our systems; however, our first line of defence is good cyber security awareness among staff and students. We all have a shared responsibility to exercise caution while carrying out work. Basic precautions, such as not clicking links from unidentified sources and reporting suspicious emails, all help maintain our security. We have numerous articles on good cyber security practices; read some more using the links below.