Hacker groups are constantly bombarding British universities with cyber-attacks to steal valuable material on intellectual property and disruptive technologies.
Universities in the UK were targeted by as many as 1,152 phishing, DDoS, and ransomware attacks in 2016-17.
A Freedom of Information request by The Times has revealed the true extent of cyber threats faced by universities and other educational institutions in the UK. As per official records, there were as many as 1,152 cyber-attacks faced by universities in 2016-17.
A closer look at the data reveals that hackers or hacker groups behind such cyber-attacks were interested in getting their hands on valuable research material, including those on novel fuels, efficient batteries and intellectual property that carry great value in the market. Some cyber-attacks were also aimed at extracting cash from universities.
The number of cyber-attacks on premier universities doubled in two years and also affected noted institutions like Oxford, Warwick and University College London. These cyber-attacks ranged from DDoS attacks and phishing campaigns to ransomware attacks.
"Universities drive forward a lot of the research and development in the UK. Intellectual property takes years of knowhow and costs a lot. If someone can get that very quickly, that's good for them," said Carsten Maple, director of cyber security at the University of Warwick to The Times.
Dr Anton Grashion, head of security practice at Cylance, told BBC that most universities have small security and staffing budgets which makes securing their network environments a challenging task in the face of an increase in security breaches.
According to research by Barracuda, 76% of all ransomware attacks on individuals and educational institutions were conducted using phishing emails. Recently, hackers impersonated the Student Loans Company on emails to extract personal details of hundreds of new and existing university students. Fortunately, the company as well as Action Fraud detected the scam on time and released advisories to students and the general public.
'Phishing is no academic issue, it is big business for criminal gangs and students are a prime target for scams such as this,' says Tim Ayling, Director of EMEA, Fraud and Risk Intelligence at RSA Security.
'Young and old alike, the British public needs to have greater awareness of spoofing attacks and take better care to protect themselves online. Much of this comes down to basic security hygiene. Our advice would be: first and foremost, avoid clicking on links to websites from emails and any unknown sources,' he adds.
Ayling also suggests that people should always check address bars on websites to ensure they are visiting secure sites and that such sites are genuine and not fake sites aimed at manipulating unsuspecting users.