Expert Advice To Protect Universities In This New Year Against Latest Iranian Hackers

Yesterday, the Malwarebytes research team published their findings on the threat actor “Silent Librarian,” a group of Iranian hackers with a history of attacking academic institutions that has come back to life to launch a new series of phishing campaigns. The new attacks were timed to coincide with the start of the new academic year, when both students and university staff were expected to be active on university portals. The attacks consisted of emails sent to victims with links to a website posing as the university portal or an associated app, such as the university library. The websites were hosted on lookalike domains and, in reality, collected the victim’s login credentials.

Expert Comments

October 15, 2020
Jamie Boote
Security Consultant
Synopsys
Remote learning is very much like work from home scenarios that organisations have been forced to transition to in recent months. Many classes are being operated via SaaS cloud solutions that students must sign into via SSO. Due to this, third-party cloud management best practices and SSO security considerations are paramount. Infrastructure concerns are a major element in this conversation, as weak infrastructures are ripe for attack. Schools need to accommodate students with weak or no internet connection as well as those who may not have access to devices through which to carry out remote learning protocols. Schools may consider a limited re-opening to account for these students with valid needs by bringing them on-site in a socially distanced, safe arrangement. In a best case scenario, schools currently need to focus on short turnaround enhancements. The budget for the upcoming school year has been set. Contracts initiated now likely won’t land in time for the school year to begin. Because of this, schools must make do with their existing staff, equipment, software, and other resources. A strategy to consider given these constraints includes building security awareness training and workshops into the curriculum as a first step. Training should be presented not only to students, but also to staff. Additionally, button up the configurations of existing software and communicate those updates so that everyone remains on the same page that security and privacy are being addressed to the extent possible.
October 15, 2020
James McQuiggan
Security Awareness Advocate
KnowBe4
One of the common tactics used by nation-state threat actors or cybercriminals for phishing attacks is to use a similar website address of the target. In this case, it was the university’s research systems. Unfortunately, students do not receive security awareness training as part of their education. Like corporate organisations, educational institutions must provide security awareness training for staff, professors, and students alike to understand how to spot a phishing email, realise what a fake link looks like, and how to report it to the proper department within the school system. As a college professor, I see this curriculum is missing for all enrolled students and needs to be taught in all departments to avoid future cybersecurity incidents.
October 15, 2020
Samantha Isabelle Beaumont
Senior Security Consultant
Synopsys
We must ensure that the technology provided to students is actually accessible. Many applications require a strong internet connection to access. If a student lives in a rural setting with poor network or satellite connection then learning solutions suffer from VPN requirements or latency—and we must also take into account those with no access to an internet connection or device from which to work.
October 15, 2020
Sammy Migues
Principal Scientist
Synopsys
Spear phishing will likely increase as distance learning becomes more long-term. Attackers and fraudsters will likely target students with extremely realistic emails for credentials and possibly financial information. Schools and universities need to be prepared for this by educating students on the threats. Schools should consider having an email address to which students can forward suspicious emails and ask whether it’s actually from their institution. While this could lead to thousands of emails received for review, this is part of the burden of taking on distance learning as a business model.
October 15, 2020
Chad Anderson
Research Engineer
DomainTools
This resurgence in phishing emails around the start of term further shows how well cybercriminals study their targets and plan their campaigns according to the world around them, utilising social engineering techniques that increase their chance of success. These universities don't need reminding that cybersecurity awareness programmes need to run regularly to minimise the risk of these attacks being successful. The data hosted on university servers automatically makes them one of the most appealing targets for advanced persistent threats, aimed at exfiltrating sensitive information and research data, but also for ransomware attacks and other types of disruptive threats. Email filtering systems in place should be cutting edge, and university security teams should also be equipped with tools that give them the capability to proactively investigate these threats and anticipate attackers' next moves. Security works best when it focuses on prevention, rather than reaction.
October 15, 2020
Paul (PJ) Norris
Senior Systems Engineer
Tripwire
Universities are fruitful targets for cyber attackers and malicious actors. Intellectual property theft motivates many of the targeted attacks such as spear phishing academic staff. However, universities have large collections of personally identifiable information for their faculty, staff, and students, and this provides significant motivation for attackers. Employee education is the first line of defense against phishing, but even trained security professionals can be fooled by a well-crafted attack. Organizations should put in place technical controls to prevent and detect successful attacks as well. It’s not enough to simply tell people not to click on dangerous links.
October 15, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
During the start of an academic year, students and professors alike are often caught in the chaos of a new year. Distractions are plentiful as people reconnect from over the break, and individuals navigate new schedules. Information floods in, typically by email, and unfortunately, recipients are often ill-prepared to determine an authentic email from a malicious one. New students are especially vulnerable as they enter university for the first time and learn about university life. Seeing that cybercriminals have consistently targeted academic institutions through phishing campaigns, it would be wise for these same institutions to offer support and training. The training really should be provided prior to providing online university portal access. It is only through security awareness training that students and university staff can make better-informed decisions before clicking a link or downloading an attachment. Partnering with IAM trusted providers to implement two-factor authentication reduces associated risks of unauthorised access to university systems as well - when individuals click on phishing sites/links.
