This attack heavily relied on social engineering, and so, highlights the need for institutions to educate staff and students by running phishing exercises and raising awareness of the latest attack vectors through threat intelligence research. In much the same way that dirt is good for the immune system, exposing employees to the techniques used by cyber attackers is extremely important. Furthermore, organisations should also provide staff and students with comprehensive protection from external threats covering network, email, and host-based monitoring to spot attacks, implementing an extra layer of defence. 

For students and staff associated with institutions affected by this attack it is important to remain cautious and act as if your details have been breached until notified otherwise. Also consider the password you utilise for associated accounts, if this has been duplicated on other accounts, this should be changed promptly.

Unfortunately, higher education institutions are at high risk of being targeted by cybercriminals as they harbour highly sensitive information on both individuals as well as on-going, cutting-edge research. Indeed, they are home to some of the most advanced research projects in the world. Moreover, due to a prevalent use of emails and lack of security awareness training among staff and students, the chances of someone falling victim to a phish are rather high. 

This cyber-espionage attempt by the Iranian group, “Charming Kitten”, demonstrates an urgent need to train students and professors alike to spot suspicious emails. Some top tips include checking the email address as well as the sender (if it's from @gmail.com it's probably not a legitimate organisation), looking for grammatical mistakes, or a strange sense of urgency in the messaging. If an individual realises they have been breached, they should immediately take action by changing their personal password and alerting the university.

It’s unusual but not unheard of for malicious actors to contact individuals as part of their attack profile. Earlier this year, for example, young patients at the Vastaamo Clinic in Finland were approached individually by the perpetrator of a Ransomware attack when the company refused to pay them itself. In this case, targeting academics is a fairly safe undertaking as they represent a vast, multinational community and their job is to collaborate. To this end, things like conference invitations are commonplace and a good cover for the attack described by Proofpoint in their report. The best defence for any individual who may be targeted is critical thinking. Always question messages, corroborate information and check credentials independently. It’s often a good idea, if conferences and events make up a substantial part of your work, to set up a separate email account etc. for event registrations to sandbox your regular contact details. Most people do this to stop all of the post-event marketing material but it’s a good protection tool too. I’m sure these types of attacks will grow in popularity as the methodologies become known so getting a head start and training yourself to be circumspect and cautious can only be a good thing.