Attackers Continue to Target UK UniversitiesUniversity of Hertfordshire Is Among the Latest Victims
The University of Hertfordshire has sustained a cyber incident that severely affected students' online classes and an assignment submission portal. The university, however, notes the incident did not lead to data theft.
In a statement, the university says hackers compromised its network on Wednesday, affecting its cloud service. As a result, the university called off its online classes until April 19 and restricted students from accessing online meeting apps, such as Zoom, Canvas and Microsoft Teams.
"Shortly before 22:00 on Wednesday 14 April, the university experienced a cyber-attack which has had an impact on all of our systems," the university notes in an alert to its students. "You can continue to attend in-person on-campus teaching but access to computers is restricted and sessions that require specialist applications will most likely need to be rescheduled."
The university also says it has barred the students from accessing its computers and warned that students may face service disruption while connecting to the university's Wi-Fi service.
The university did not respond to a request for further details.
Surge in Compromises
The University of Hertfordshire is the latest victim on the list of U.K. educational institutions that have been compromised by threat actors in recent months.
On March 3, 15 schools that are part of the Nova Education Trust were targeted by ransomware that crippled all the schools' communication channels, including email, phones and websites.
On March 18, 23 schools run by the Castle School Education Trust were hit by ransomware that disrupted the school's online functions. One of the largest attacks was a suspected REvil ransomware attack that compromised the network of the Harris Federation, which runs 50 primary schools and secondary academies in and around London. The incident, which adversely affected the school's communication channels, is estimated to have affected 37,000 students.
Due to the rising number of cases, the U.K's National Cyber Security Center issued a warning to all educational institutions in the country about ransomware attacks, which have been rising since February.
In the alert, the NCSC noted ransomware groups have been using vulnerable Remote Desktop Protocols, VPN vulnerabilities and phishing campaigns to target their victims.
In March, the U.S. FBI warned that the Pysa ransomware strain has been targeting higher education institutions, K-12 schools and seminaries in the U.S and U.K. to exfiltrate sensitive data and then threaten to leak the stolen data in forums on the dark web if a ransom is not paid (see: FBI: Pysa Ransomware Attacks Target Schools).
Since the pandemic forced schools to switch to online learning, there has been a surge in ransomware attacks against vulnerable educational institutions. A recent report by security firm Emsisoft found that schools were the most targeted ransomware victims in 2020, with 1,681 hacks against colleges and universities (see: Fueled by Profits, Ransomware Persists in New Year).
"Schools across the world are facing more complex cyberthreats as the need for data monitoring and contact tracing become key factors in students returning to in-person classes," says Heather Paunet, a senior vice president at the security firm Untangle. "For those maintaining databases about student transportation, attendance and temperature, encrypting this data or using a tokenization system may help network administrators secure the database and leave personal identifiable information secured in a different place."
Hank Schless, a senior manager at the IT security firm Lookout, says schools are a high-priority target for ransomware gangs because they're more likely to pay ransoms. "Threat actors know that continuing education for all students is a key focus for public school districts and private institutions alike," Schless says. "This makes schools a high-priority target for ransomware attacks. Education is an essential function, and schools have incorporated various strategies of remote and hybrid learning to make this work. With so much effort put into planning and strategizing, administrators might be more likely to pay the threat actors behind ransomware attacks in order to minimize the disruption they cause."