University College London (UCL) was deluged by almost 60 million email attacks during the first three months of 2022 as cybersecurity threats (opens in new tab) continue to grow.
Data obtained via the Freedom of Information Act was analysed by the Parliament Street think tank, which discovered a total of 58,628,604 spam, phishing, malware and edge block attacks during the period.
The onslaught occurred between December 24, 2021 and March 23, 2022 and all attacks were successfully blocked. However, the news underlines the rising cybersecurity threat being faced by higher education institutions.
Microsoft Office 365 vulnerable
Picking through the data, it was found that Edge block, which automatically blocks email messages sent to recipients that do not exist in the Office 365 tenant, accounted for 88 per cent, or 51,445,726 of the malicious attacks that were blocked.
Meanwhile, spam emails made up 6,720,913 of attacks blocked, whilst phishing accounted for 408,212 attacks and malware for 53,753 attempts to compromise UCL’s IT infrastructure.
As a result of increased threats, the National Cyber Security Centre (NCSC) is strongly advising organisations to “follow the actionable steps in the NCSC guidance that reduce the risk of falling victim to an attack.”
Find the best VPN software (opens in new tab).
Cybercriminals targeting education
Tim Sadler, CEO and Co-Founder of Tessian (opens in new tab), commented: “Education institutions are regularly targeted by cybercriminals who want to get hold of the valuable information and data they hold, such as world-leading research, intellectual property, and the personal financial details of thousands of university staff, students and alumni. Due to the people-heavy nature of the industry, and reliance on email to stay connected with one another, phishing is an easy way ‘in’ for these cybercriminals and it quickly leads to loss of data and ransomware attacks.
“In recent years, some universities have ‘paid off’ ransomware cyber attacks, and this could encourage even more to occur. Moving forward, it’s imperative that universities understand the ways in which their staff and their students could be targeted by phishing campaigns, and train them on what to look for. Investment in technology that can warn individuals of threats in their inbox, too, will help people as they continue to study and work remotely.”
Achi Lewis, Area Vice President EMEA, Absolute Software (opens in new tab), commented: “Large institutions represent lucrative targets for cyber criminals, holding vast amounts of sensitive data as well as a large number of endpoint devices. Malicious actors are only looking for one successful attack to compromise that sensitive information on an endpoint or breach or compromise access to a network to cause serious damage.
“It is imperative that organisations are not only aware of these attacks, but also put in place sufficient measures to both prevent attacks, and recover from them should a successful threat land. Utilising a resilient zero-trust approach to verify all users accessing important data, can help stop an attack before it happens. Whilst it is also important to have recovery policies and technologies in place to shut down or freeze infected devices to prevent an attacker accessing other areas of an organisation's IT network.”
Search for the best remote desktop software (opens in new tab).