CYBERCRIMINALS plan attacks around key points in a sector's calendar, a North-East cybersecurity experts has said, following a spike in online attacks against UK colleges and universities.
Education establishments have been warned by the UK's cybersecurity agency the National Cyber Security Centre, a part of GCHQ, after a rise in attacks as the new term begins.
Both Newcastle and Northumbria universities were hit with a cyber attack in the first week of September.
Many of Newcastle's systems were not operating, while Northumbria's exams and its clearing hotline were affected.
Watersons cyber expert Stew Hogg said: "Cyber criminals target organisations at peak times in their calendar to increase the chances of their ransom demands being met.
"In the case of universities it is likely that the critical period of 'clearing' and the run up to a new academic term will increase the reliance on IT systems and therefore disruption caused may increase the chances of a ransom being paid."
The NCSC issued an alert to the academic sector which contained steps they can take to keep cyber criminals out of their networks.
But the problem has been worsened by the pandemic as employees use home connections and unfamiliar tools.
Mr Hogg added: "We have certainly seen an increase in the frequency of cyber attacks since the Covid pandemic.
"While these attacks broadly use the same tactics as before, like phishing emails and ransomware, there is now an increased opportunity to brand these malicious emails with convincing headlines for example imitating a correspondence relating to furlough payments or a critical Covid update from the World Health Organization.
"We have also seen unprecedented change to our working habits with many organisation adopting cloud based systems to collaborate such as Microsoft Teams.
"This also presents malicious attackers with an opportunity to imitate an unfamiliar login screen or email with a new link and therefore we’re seeing more successful attacks as a result."
Paul Chichester, director of operations at the NCSC, noted the "particularly challenging time", condemning hacks as "utterly reprehensible".
The alert comes after data from more than 20 universities and charities in the UK, US and Canada was breached earlier this year, due a third party attack.
Blackbaud, an administration and finance software provider that each organisation used, paid an undisclosed ransom to cybercriminals.
Ransomware attacks involve the encryption of an organisation’s data, which is then decrypted and recovered when a financial demand has been met.
But financial gain is not the only reason universities are targeted – hackers may attempt to steal research used for the Government or private companies.
"There is also a wider risk of state sponsored attacks by nations with a hostile stance against the UK who would be interested in disruption key services," Mr Hogg said.
"For example, this has played a role in election interference in the US.
"While it is unlikely the university attacks are state sponsored, we need to be ever vigilant to protect our critical services and national infrastructure and there are now enhanced regulations for organisations deemed as critical nation infrastructure."
National critical infrastructure consists of systems, facilities and networks that are essential in the country running day-to-day.
As well as robust security measures such as firewalls, regular password changes and multi-factor authentication, universities are being urged to plan for an incident and test the process.
Mr Hogg said: "This should include backups that are kept offline from their operational IT systems, meaning they can be used to restore services in the case of a serious cyber attack.
"This means not only focussing on defence but ensuring that recovery plans are tested and effective should the worst happen."
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here