CIO

Australian universities are the world’s most frequently targeted

As ANU shares forensic breach analysis, figures suggest ACU, ANU are the tip of the iceberg

Australia’s educational institutions are being targeted more aggressively by scammers and cybercriminals than those in any other country, according to figures released in the wake of major attacks that have tied up staff at two prominent universities with incident responses.

During 2018 education was the most frequently targeted industry for adware and Trojan malware – and the second most frequently hit with ransomware – and the trend continued during the first half of this year, according to third-quarter statistics from security firm Malwarebytes Labs.

The .edu.au domain saw more malware detections than any other education domain in the world, the firm said, noting that August had seen a surge of detections that “could indicate the beginning of another surge into Spring”.

Adware was found in 43 percent of detections and backdoor threats in 3 percent of cases during the first half of this year, with Trojans representing 25 percent of all malware detected globally on devices owned by educational institutions.

Australian levels of 21 percent were much higher than those in comparable countries such as Singapore (17 percent) and the UK (5 percent).

The Emotet, Trickbot and Trace Trojans comprised 44 percent of all malware detected during the first half of this year.

“The digitisation of the Australian education industry, and the rise of LMS and eLearning platforms represent fantastic opportunities for schools, universities and students,” Asia Pacific area vice president and managing director Jeff Hurmuses said, “but this also means more devices, both institutional-owned and student-owned connect to the network.”

“Students use an increasing number of devices - on campus, at home and on the go - connecting endpoints to both secure and unknown networks. This increases the risks of devices being infected, putting the institution’s corporate network and the student’s personal data at a greater risk of being compromised”.

Cleanup continues

The figures emerged in the wake of this year’s damaging cybersecurity attacks on Australian Catholic University (ACU) and Australian National University (ANU), which recently published an update describing its ongoing remediation efforts after a breach compromised a massive volume of personal information.

The compromise of ANU was instigated through a spearphishing email that was “shocking in its sophistication,” vice-chancellor Brian Schmidt said in introducing the detailed report. “It did not require the affected staff member to download an attachment or click on the link.”

The attacker had around six weeks to explore the university’s network undetected, but their activity “was contained to a handful of systems”, the report said, noting that “it is clear from the pathway taken by the actor the sole aim was to penetrate [administrative applications on ANU’s Enterprise Systems Domain] and gain unauthorised access.”

Using care and caution, the malicious attacker “evaded detection systems, evolved their techniques during the campaign, used custom malware and demonstrated an exceptional degree of operational security that left few traces of their activities.”

The university is still working to determine what data was stolen, but Schmidt said it was “much less than” original reports of 19 years’ worth of staff and students’ personal information being compromised, and that general administrative documents and research data remained unharmed.

That said, the motivations of the malicious actor were still unclear – but ANU has taken the experience as a learning measure that will guide future cybersecurity hardening.

“While it’s clear we moved quickly to implement hardening and security improvement measures following our first cyber-attack in May 2018,” Schmidt said, “this report shows we could have done more.”