NCA nabs hacker behind phishing attack on Lancaster University

Latest Update: NCA announces Lancaster University attacker has been arrested

The National Crime Agency recently announced that it has arrested a 25-year-old man from Bradford on suspicion of being behind the cyber incident involving Lancaster University.

"Officers from the NCA’s National Cyber Crime Unit (NCCU) arrested the man on Monday (22 July) and he has since been released under investigation while enquiries are ongoing," it said, adding that the arrest has been made under the Computer Misuse Act.

Lancaster University announced on Monday that it suffered "a sophisticated and malicious phishing attack" that compromised student applicant data records for 2019 and 2020 entry as well as student records and ID documents that were stored in its student records system.

The university said that malicious actors, who are yet to be identified, are sending fraudulent invoices to undergraduate applicants and, by doing so, have been able to obtain names, addresses, telephone numbers, and email addresses of a number of undergraduate student applicants.

It also determined that its student records system was breached and hackers were able to access records and ID documents of "a very small number of students".

"We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation. It was immediately reported to the Information Commissioner’s Office," the university said.

"Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies."

Phishing attack targeting Lancaster University could be the work of nation-state actors

Richard Cassidy, Senior Director Security Strategy at Exabeam, said that the phishing attack targeting Lancaster University could be part of a much wider mission carried out by nation-state actors to target universities that run GCHQ-approved cyber security BSc/MSc courses. By gaining access to such knowledge, these groups would be better able to deliver more sophisticated malware and targeted attacks in future.

In March last year, the National Cyber Security Centre warned that the Mabna Institute based in Iran was targeting UK universities primarily for the purposes of intellectual property theft.

The NCSC said in a press release that it "assesses with high confidence that the Mabna Institute are almost certainly responsible for a multi-year Computer Network Exploitation (CNE) campaign targeting universities in the UK, the US, as well as other Western nations, primarily for the purposes of intellectual property (IP) theft."

"The UK Government judges that the Mabna Institute based in Iran was responsible for a hacking campaign targeting universities around the world. By stealing intellectual property from universities, these hackers attempted to make money and gain technological advantage at our expense," said Lord Tariq Ahmad, the Foreign Office Minister for Cyber.

A Freedom of Information request by The Times also revealed that in 2016-17, universities in the UK were targeted by as many as 1,152 phishing, DDoS, and ransomware attacks. The number of cyber-attacks on premier universities doubled in two years and also affected noted institutions like Oxford, Warwick and University College London.