Expert Advice To Protect Universities In This New Year Against Latest Iranian Hackers

Yesterday, the Malwarebytes research team published its findings on the threat actor “Silent Librarian,” a group of Iranian hackers with a history of attacking academic institutions that has come back to life to launch a new series of phishing campaigns. The new attacks were timed to coincide with the start of the new academic year, when both students and university staff were expected to be active on university portals. The attacks consisted of emails sent to victims with links to a website posing as the university portal or an associated app, such as the university library. The websites were hosted on lookalike domains and, in reality, collected the victim’s login credentials.

Niamh Muldoon, Senior Director of Trust and Security EMEA
October 15, 2020 7:10 pm

During the start of an academic year, students and professors alike are often caught in the chaos of a new year. Distractions are plentiful as people reconnect from over the break, and individuals navigate new schedules. Information floods in, typically by email, and unfortunately, recipients are often ill-prepared to determine an authentic email from a malicious one. New students are especially vulnerable as they enter university for the first time and learn about university life. Seeing that cybercriminals have consistently targeted academic institutions through phishing campaigns, it would be wise for these same institutions to offer support and training. The training really should be provided prior to providing online university portal access. It is only through security awareness training that students and university staff can make better-informed decisions before clicking a link or downloading an attachment. Partnering with IAM trusted providers to implement two-factor authentication reduces associated risks of unauthorised access to university systems as well – when individuals click on phishing sites/links.

Paul (PJ) Norris, Senior Systems Engineer
October 15, 2020 7:13 pm

Universities are fruitful targets for cyber attackers and malicious actors. Intellectual property theft motivates many of the targeted attacks such as spear phishing academic staff. However, universities have large collections of personally identifiable information for their faculty, staff, and students, and this provides significant motivation for attackers.

Employee education is the first line of defense against phishing, but even trained security professionals can be fooled by a well-crafted attack. Organizations should put in place technical controls to prevent and detect successful attacks as well. It’s not enough to simply tell people not to click on dangerous links.

Chad Anderson, Research Engineer
October 15, 2020 7:14 pm

This resurgence in phishing emails around the start of term further shows how well cybercriminals study their targets and plan their campaigns according to the world around them, utilising social engineering techniques that increase their chance of success.

These universities don’t need reminding that cybersecurity awareness programmes need to run regularly to minimise the risk of these attacks being successful. The data hosted on university servers automatically makes them one of the most appealing targets for advanced persistent threats, aimed at exfiltrating sensitive information and research data, but also for ransomware attacks and other types of disruptive threats.

Email filtering systems in place should be cutting edge, and university security teams should also be equipped with tools that give them the capability to proactively investigate these threats and anticipate attackers’ next moves. Security works best when it focuses on prevention, rather than reaction.

Sammy Migues, Principal Scientist
October 15, 2020 7:20 pm

Spear phishing will likely increase as distance learning becomes more long-term. Attackers and fraudsters will likely target students with extremely realistic emails for credentials and possibly financial information. Schools and universities need to be prepared for this by educating students on the threats.

Schools should consider having an email address to which students can forward suspicious emails and ask whether they are actually from their institution. While this could lead to thousands of emails received for review, this is part of the burden of taking on distance learning as a business model.

Samantha Isabelle Beaumont, Senior Security Consultant
October 15, 2020 7:22 pm

We must ensure that the technology provided to students is actually accessible. Many applications require a strong internet connection to access. If a student lives in a rural setting with poor network or satellite connection then learning solutions suffer from VPN requirements or latency—and we must also take into account those with no access to an internet connection or device from which to work.

James McQuiggan, Security Awareness Advocate
October 15, 2020 7:28 pm

One of the common tactics used by nation-state threat actors or cybercriminals for phishing attacks is to use a similar website address of the target. In this case, it was the university’s research systems. Unfortunately, students do not receive security awareness training as part of their education.

Like corporate organisations, educational institutions must provide security awareness training for staff, professors, and students alike to understand how to spot a phishing email, realise what a fake link looks like, and how to report it to the proper department within the school system.

As a college professor, I see this curriculum is missing for all enrolled students and needs to be taught in all departments to avoid future cybersecurity incidents.

Jamie Boote, Security Consultant
October 15, 2020 7:38 pm

Remote learning is very much like work from home scenarios that organisations have been forced to transition to in recent months. Many classes are being operated via SaaS cloud solutions that students must sign into via SSO. Due to this, third-party cloud management best practices and SSO security considerations are paramount. Infrastructure concerns are a major element in this conversation, as weak infrastructures are ripe for attack.

Schools need to accommodate students with weak or no internet connection as well as those who may not have access to devices through which to carry out remote learning protocols. Schools may consider a limited re-opening to account for these students with valid needs by bringing them on-site in a socially distanced, safe arrangement.

In a best-case scenario, schools currently need to focus on short turnaround enhancements. The budget for the upcoming school year has been set. Contracts initiated now likely won’t land in time for the school year to begin. Because of this, schools must make do with their existing staff, equipment, software, and other resources. A strategy to consider given these constraints includes building security awareness training and workshops into the curriculum as a first step. Training should be presented not only to students, but also to staff. Additionally, button up the configurations of existing software and communicate those updates so that everyone remains on the same page that security and privacy are being addressed to the extent possible.
