Attacks in cyberspace have become the new standard with the rise of digital technologies. These attacks take place every day. However, unlike physical attacks, they may not be noticed or even known by the target for long. If a significant attack occurs, it rarely makes it into the media and the general public's awareness. Did you know, for example, that Masaryk University faces such attacks almost daily?
Cyber attack attempts
Incidents resolved manually
Increase compared to 2019
In 2020 alone, Masaryk University detected 121 290 cyberattack attempts. Most of these attempts were thwarted by automated security tools. Nevertheless, 1 494 incidents required manual solutions provided by the Cyber Security Team of Masaryk University (CSIRT-MU). This figure represents a 200 % increase from the previous year.
At first glance, an attack on universities may seem like a waste of time for the attackers, as there must be more attractive sectors to target. However, the opposite is true. Universities are a rather tempting target for an attacker. It is because each university holds funds and a significant amount of data and information. In particular, data related to science, research, and teaching. If an attacker obtains this data, he can easily misuse it for his or someone else's benefit.
Furthermore, universities have a significant disadvantage: training students and staff in cybersecurity is harder. Some universities somewhat marginally address training in this area, while others approach the issue proactively. At Masaryk University, for example, an education team aims to raise this awareness through online and face-to-face courses. However, the possibilities are limited due to the inflow and outflow of many students each year. What makes the situation worse is the fact that universities are optimal targets because of their academic freedom and open environment, which can give an attacker an advantage.
Therefore, there are plenty of reasons why someone would attack a university. But what is the motivation? Attackers come from all over the world and may have different interests and goals. To simplify the situation, we have divided the attackers into two categories.
The first category is state-sponsored attackers. The primary mission of universities is to educate and provide career training, but since a university is a research organization under the Higher Education Act, science and research also play a crucial role. It is the result of cutting-edge research that other countries may desire. For hackers of foreign powers, stealing, manipulating, or destroying such data may be very tempting.
We are talking, for example, about countries that fall under various sanctions. For these countries, hacking attacks can access reputable research and knowledge. Moreover, this is demonstrated by events in recent years. For example, in 2018, Iranian hackers stole scientific papers from prestigious English universities that contained data on nuclear research and cybersecurity. Before the situation came to light, between 2013 and 2018, Iran obtained data from 7,998 professors and 322 universities worldwide.
China, for example, is not far behind. In 2018, Chinese hackers likely attacked two dozen universities in the US. The goal was to obtain research data from universities with potential military applications. However, this is not always military-related research. Other sectors of interest to state hackers include healthcare.
However, the attacker and his motives are not always revealed. In 2021, the University of Oxford's biology lab, where research about the Covid-19 disease was being carried out, was targeted by hackers. It is not clear yet who was behind the attack. Still, the university lab researched coronavirus cells essential for creating other potential Covid vaccines. Thus, the attackers were either trying to foil the research (delete the data) or steal it and further exploit it for another state actor.
Ransomware
Ransomware can cause significant damage to a university. This malicious file restricts users from accessing their computer system or files. The program demands payment of a ransom to restore access.
DDoS attack
This attack works by overwhelming the server. At one moment, the attackers send so many requests to it that the service cannot respond and therefore slows down or stops completely. The targeted website or email is then rendered unavailable.>
The second category of attackers is cyber criminals. In this case, the university is attacked by people usually looking for financial gain. Their activities are often immediately noticed by the university. These cybercriminals cause mainly short and intense problems for universities. They specifically target data they can sell on the black market or use ransomware to blackmail universities and demand ransom for data recovery.
Most likely, the university is then attacked by the students themselves. They do so not with the vision of financial gain but to disable websites, online learning, or online knowledge testing tools. They do this using so-called DDoS attacks. And how do we know that students are behind these attacks? Kaspersky Lab's analysis shows that most DDoS attacks occurred during the semester and subsided during the holidays. In addition, data collected on a series of attacks targeting universities showed that the intensity of the attacks declined while students were off campus.
The pandemic exacerbated the situation in recent years when the education sector became a more frequent victims of cyberattacks. The rapid and often improvised transition to online learning and the associated use of new communication channels brought an increased number of cyberattacks.
Responsible and educated users are the cornerstone. Only you can be the University safer, and our Cyber Security team can handle fewer incidents. That's why it's essential to learn the basics of cybersecurity in the first place. You can visit our website https://security.muni.cz/en, which provides various online courses to help you navigate cyberspace.
At the same time, universities in the Czech Republic are aware of the risks connected to cyber attacks. That is why public universities have decided to establish intensive cooperation in 2021 to raise their cybersecurity status within the framework of Centralized Development Projects.
The Cybersecurity Team of Masaryk University found a higher threat of phishing attacks, which aim to trick and manipulate users into behaving as the attacker demands. Therefore, we urge all Masaryk University users to be vigilant and cautious.
We strongly advise all users of IT at MU not to use the TikTok mobile application. We are doing so based on the warning issued on Wednesday, March 8, by the National Cyber and Information Security Agency. This warning affects the Information System of MU (IS MU) and the Economic and Administrative Information System of MU (INET).
