Story image

Education prime target for cyber attacks, report finds

Educational institutions and students around the world remain prime targets for cyberattacks, according to a new report conducted by Malwarebytes.

According to Malwarebytes, school and university networks often lack strong protection due to limited budgets and resources. As a consequence, connected devices remain a favoured point of entry for hackers, whether on institution-owned or BYOD devices, compromising systems and sensitive data.

In 2018, education was the top industry for Adware compromises, Trojan detections, and second on the list of verticals most commonly hit with ransomware. This trend continued in the first half of 2019 and is likely to continue to remain a threat for educational institutions in years to come.

Globally, in the first half of 2019, Trojans, Adware and Backdoors were the three largest categories of threats identified among education institutions:

Adware (43%)
Adware is unwanted software designed to throw advertisements up on screens, most often within a web browser. Typically, it uses an underhanded method to either disguise itself as legitimate, or piggyback on another program to trick the user into installing it on their PC, tablet, or mobile device.
Trojans (25%)
Trojans are often seen as a virus or a worm, but they're neither. Trojans use deception and social engineering to trick unsuspecting users into running seemingly benign computer programmes that hide malicious ulterior motives.
Backdoors (3%)
Unlike other cyberthreats that make themselves known to the user (i.e. ransomware), Backdoors are known for being discreet. They exist for a select group of people in the know to gain easy access to a system or application, and they are on the rise.

Malwarebytes Labs also detected that globally the .edu domain email addresses was increasingly being used on a wide array of other networks, increasing the risk of infection and harm to both the device and the institutions network when the device is brought back on campus.

"The digitisation of the education industry, and the rise of LMS and eLearning platforms represent fantastic opportunities for schools, universities and students," says Jeff Hurmuses, area vice president and managing director, Asia Pacific.

"But this also means more devices, both institutional-owned and student-owned connect to the network," he says.

"Students use an increasing number of devices - on campus, at home and on the go - connecting endpoints to both secure and unknown networks," Hurmuses says. 

"This increases the risks of devices being infected, putting the institutions corporate network and the students personal data at a greater risk of being compromised."

In fact, Malwarebytes found that devices plugged into the school networks (vs. school-owned devices) represented 1 in 3 compromises detected in H1 2019.

Trojans: a cyberthreat on the rise
Education was the top industry globally impacted by Trojans in 2018, and Malwarebytes Labs has identified this trend will continue to accelerate in 2019. In the first half of the year:  

Trojans represented almost 30% of all detections on institution-owned devices
Among devices plugging into the network, Trojans represent the single largest threat category, even above generic Malware and Adware detections

Amongst Australian education organisations, 21% of compromised non-institution-owned devices carried Trojans, much higher than other western countries such as Singapore (17%), or the UK (5%).

In this first half of 2019, Emotet, Trickbot and Trace have been particularly active in the education space globally, with the three representing nearly half of all Trojans detected (44 percent) and more than 11 percent of all compromises

According to Malwarebytes Labs, schools and universities across Australia need to brace themselves for a continuing onslaught of cyberattacks.

"Cybercriminals are opportunistic: the more devices connected to an education institutions network, the more data that is generated and therefore the more tempting the attack," explains Hurmuses. 

"The education sector often puts cybersecurity as a secondary item on their list of priorities, mostly due to limited budgets, lack of internal cybersecurity skills and outdated infrastructure," he says. 

"However, institutions need to understand that protecting endpoints is of utmost importance. It is paramount to prioritise investments in appropriate device protection solutions, and collaborate with students and their parents to raise awareness about basic endpoint cybersecurity hygiene."

Link image
Sydney, you're invited: Chat about the cloud over breakfast
Join the ApsaraChat Breakfast Series in Sydney for a look into how Alibaba Cloud helps Australian businesses save money and improve the performance of their cloud environments. See case studies from the fintech, visual effects and hospitality industries.More
Story image
Today
The rise of the Neobanks: How they challenge traditional banking
Neobanks are catering to customers who are tired of the big banks and those who seek alternatives, says financial advisory firm Mozo.More
Download image
Ten keys to unlocking cybersecurity automation
Modern cybercriminals are well organized, well-funded, and profit driven. To effectively combat these cybercriminals, enterprise security teams must become crimefighters. More
Story image
27 Sep
The key performance metrics to monitor for perfect server visibility
Organisations need to have server monitoring tools that cover the right performance indicators that fit the applications they have running on their servers. More
Story image
Today
Apptio launches new Insights and Action Plans solution
Apptio has launched ‘Insights and Action Plans’, a new solution that notifies users of opportunities for optimisation, areas of hidden spend, variance from forecast and more.More
Story image
06 Nov
Zscaler partners with Microsoft to bring Office 365 to more businesses
“Office 365 is a significant business driver in the cloud transformation journey. We are thrilled to partner with Microsoft to make it easier for customers to adopt and use the full Office 365 suite."More