Global ransomware attacks against universities doubled year-on-year in 2020 as the pandemic forced massive changes to higher education, according to BlueVoyant.
The security vendor’s latest Cybersecurity in Higher Education report is compiled from an analysis of 2702 universities across 43 countries, covering the period January 2019 to September 2020.
It found that ransomware was the number one threat last year, with attacks increasing 100% and average pay-outs totalling nearly $450,000.
Many universities have been forced to switch to remote teaching/learning during the COVID-19 crisis, increasing their exposure to certain threats, BlueVoyant claimed.
The surge in ransomware could partly be explained by the fact that over a fifth (22%) of all analyzed universities and colleges had open or unsecured Remote Desktop Protocol (RDP) ports. What's more, two-thirds (66%) lacked email authentication protocols like SPF, DKIM and DMARC to help guard against phishing.
Exposed RDP and phishing emails tend to be the top two vectors for ransomware.
After ransomware, data breaches were the number two threat event for the sector over the reporting period, accounting for half of all events in 2019. Over a third of these were linked to learning tools and associated apps like Zoom, Chegg and ProctorU.
According to BlueVoyant, credential lists linked to university users are “massively trafficked” on the dark web, and password management is poor, with reuse and simple credentials common.
There’s also a major threat from state-backed data thieves: the report recorded 200 such attacks in the past two years but argued that there were likely many more.
“This is an industry that has had to rapidly pivot to online learning, changing standard methods of learning, practically overnight. The education sector is also under huge financial and regulatory pressure,” argued BlueVoyant CEO, Jim Rosenthal.
“Threat actors know that there are vulnerabilities to be exploited and they are taking advantage of these vulnerabilities at every opportunity, making it imperative for universities to adopt a solid cybersecurity threat posture to ensure that the wealth of sensitive data is properly defended against adversaries.”