EXECUTIVE BRIEF: THE RANSOMING OF HIGHER EDUCATION Best practice defenses against ransomware and other cyberattacks Abstract Coordinated attacks are hitting higher education institutions across the nation and around the world. Cybercriminals continue to find college and university networks a lucrative target for ransomware. However, there are effective steps you can take to help prevent being a victim. Introduction There has been growing concern around ransomware attacks on higher education networks. Academic services have been locked up, and cumulative ransomware costs running in the millions. A Disturbing Trend According to the2020 SonicWall Cyber Threat Report, SonicWall Capture Labs threat researchers recorded 187.9 million in total ransomware volume during 2019, a 6% drop from the record-breaking 2018 volume. But volume shouldn't be confused with effectiveness. Cybercriminal organizations that leverage ransomware continue to focus on the quality of their attacks over sheer quantity. It's no longer the size of the organization, but rather their likeliness to pay. That is why higher education institutions across the world continue to be targeted with ransomware. And it's very much a global epidemic. This trend has been particularly damaging for education. According to a recentreport, the education sector was the most affected of all U.S. business sectors in 2018 and the first half of 2019. Threats range from nuisanceadwareto serious malware like trojans, backdoors and, of course,ransomware– a malicious file that encrypts system files and information on endpoints and servers. Universities hit byransomware attacksare denied access to vital information until they pay a ransom in cryptocurrency (most often Bitcoin). Apart from the direct financial damage caused by this kind of attack, the inability to access computer systems paralyzes the
2 academic institution.The cost of the damage only accelerates the longer the schoolis unable to send emails, record working hours or allocate classrooms and study resources, including school computers and Internet access necessary for many learning activities. Schools that refuse to pay can be incapacitated for extended periods of time. The now-infamousEmotet malwarehas also been striking schools, with attackers usingspearphishingto infect systems with the malware trojan. As many services are now entirely computerized, this can even affect infrastructure like heating and cooling, cafeteria services and security systems. A Global Concern Many U.S. universities and colleges have suffered from ransomware attacks, information leaks, and email account compromise in the past year. Universities and academic institutes are being targeted by moresophisticated attackersinterested in stealing the intellectual property (IP) and research data that they produce. The situation in other parts of the world is just as bad. In Australia thehead of the local intelligence agencywas recruited to inform universities about cyber threats and ways of prevention. This was one of the initiatives put in place after an extremely sophisticated threat actorcompromised ANUand persisted within the university’s network for months at a time. In the U.K. in April of this yearpenetration testingconducted by JISC,the government agency that provides many computerized services to UK academic bodies, tested the defenses of over 50 British universities. The results were unflattering: the pen testers scored 100% success rate, gaining access to every single system they tested. Defense systems were bypassed in as little as an hour in some cases, with theethical hackerseasily able to gain access to information such as research data, financial systems as well as staff and student personal information. Analysis: Common Threads SonicWall CEO Bill Conner states, “It is too easy to demand and receive ransom payment without the risks associated with traditional data exfiltration. Until organizations are serious about ransomware protection, these types of wide-reaching ransomware attacks will, unfortunately, continue. As we’ve witnessed across schools this past year, ransomware attacks are highly disruptive. Today’s distributed networks can be compromised in minutes. Everyday operations are then held for ransom at high costs.” It is no coincidence that schools are among the most attacked.Higher education institutions manage substantial sums of money, store personal information for students and teachers and connect with many external bodies and providersand, of course, parents, who primarily communicate with the school via email. This means that the school has a very largeattack surface. Coupled with enticing rewards is the fact that students make foreasy victimsofphishing scams.Students’ lack of experience combined with a tendency to use simple passwords acrossmultiple servicesmakes them prone tocredential harvesting and password- sprayingattacks. In one incident this past September, over3000 Kent State student emailswere hacked in this way. In addition, the awareness of parents, teachers and faculty regarding cyber risks is often much lower in education than in other sectors. Ransomware no longer infects a singular device but often multiple devices with the intent to infect the entire network. First made infamous with the WannaCry attack, ransomware authors now try to leverage vulnerabilities like SMB in Windows to spread to other drives. Not all computers are up to date and this leaves an opportunity to not only infect that device but to also infect others. Some academic institutions are rich in data and poor in security, which makes them a prime target. Colleges have student information, including grades, which are vital to their future endeavors, plus some jurisdictions must keep this data for up to 100 years. Universities that worked to digitize older records and without proper backups in place, may be at risk of losing this data or having to go back and digitize them again. Schools must continually keep everything backed up with those backups off the network whether it is on LTO tape or in the cloud. Further exacerbating the security situation is that educational establishments typically have limited staff dedicated to security. Unlike banks, schools typically do not have dedicated information security personnel who are engaged in 24/7 protection. “You’ve Got Ransomware” Most ransomware attacks come unsolicited in email. They come in attachments with subject lines such as: •Here is my resume •This is an unpaid invoice •Here is the invoice for your flight/ package etc. (in hopes people will be shocked into thinking their credit card info was stolen). Malicious URLs are also used. They will look like real URLs but lead to other places on the dark web. Common subject lines are: •Your card has been charged, please review •Is this you in this video? •Your package has arrived Be Prepared with Best Practices The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA)recommendsthe following precautions to protect users against the threat of ransomware: •Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks. •Never click on links or open attachments in unsolicited emails.
3 •Backup data on a regular basis. Keep it on a separate device and store it offline. •Follow safe practices when browsing the Internet. CISA also recommends that organizations employ the following best practices: •Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network. •Use application whitelisting to allow only approved programs to run on a network. •Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing. •Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users. •Configure firewalls to block access to known malicious IP addresses. In addition, SonicWall suggests the following best practice steps: •Educate users on cyber security best practices •Use a next-generation firewall to eliminate known threats on the network •Implement effective sandboxing on those firewalls to identify unknown threats •Deploy endpoint security with advanced AI to stop attacks before they happen on the endpoint •Avoid paying ransom; doing so only adds to the problem by encouraging more attacks Conclusion Unfortunately, with differing approaches on responding to ransomware demand being driven by budget and resources, cybercriminals have found colleges and universities to be a lucrative target for ransomware attacks. While these ransomware attacks are widespread, there are commonalities to consider. It is critical to be prepared by implementing known best practices and the latest ransomware countermeasures. Learn more.Read our Solution Brief: 7 Best Practices for Fighting Ransomware.
This site uses cookies to ensure you get the best experience.By using this site you agree to our use of cookies for analytics, and for personalized content and ads.