Newcastle University in the UK has reported a serious cyber incident, reported to be a ransomware attack. In an online statement, the University stated, “This is now the subject of a Police investigation and our team in NUIT is working extremely hard with a number of agencies to address the issue.”
Hackers are threatening to expose the data of its students and staff if the ransom is not paid. The group behind the attack is DoppelPaymer, the same group which leaked Tesla’s and Space X’s assets.
Why is the education sector being targeted? Laurie Mercer, Security Engineer at HackerOne sheds some light on the incident, why schools are valuable targets for hackers, and what can be done for universities to keep safe. His full comments are below my signature!
“We have seen universities increasingly targeted by ransomware recently – we often see that if one organisation within an industry is hit, others follow as cybercriminals see the niche! It won’t help that the education sector is particularly challenged at the moment by rapid digital transformation required by the pandemic.
Universities may feel that they lack security knowledge or skills to combat against the growing threat from cybercrime, but actually they are missing a trick. One great way to mine for this talent is a ‘students only’ bug bounty program, where students are encouraged to help universities find security vulnerabilities, and in return, the universities reward them with bounties and even course credits!
Students and institutions can together build a more protected and secure educational system. Hacker powered security is the most effective way to find vulnerabilities before they can be exploited and it’s likely that the majority of universities have skilled hackers already enrolled.
The National University of Singapore has run a number of successful challenges whereby students are invited to test their skillsets and find vulnerabilities in the university’s network. The last one saw 13 valid vulnerabilities reported and the students benefited from monetary rewards with more than 3,600 pounds being paid to students. I wish I had the chance to contribute to the security of my University when I was an undergraduate. The bugs the NUS students found, including critical reports, show that they have the skills that are needed to create a safer internet and I’d love to see more universities test their systems and their students in this way.”