From education to employment

UCL blasted by nearly 60 million emails in Q1

Male sat on computer

University College London (UCL), a leading research institution, faced almost 60 million malicious email attacks in the first three months of 2022, according to official figures.

The data, which was obtained through the Freedom of Information (FOI) Act and analysed by the Parliament Street think tank, revealed that a total of 58,628,604 spam, phishing, malware and edge block attacks were successfully blocked by the university between 24thDecember 2021 and 23rdMarch 2022. 

Edge block, which automatically blocks email messages sent to recipients that do not exist in the Office 365 tenant, accounted for 88 per cent, 51,445,726, of malicious attacks blocked. 

Spam emails made up 6,720,913 of attacks blocked, whilst phishing accounted for 408,212 attacks and malware for 53,753 attacks. 

UCL stated that they only keep records for the number of blocked emails for 90 days. 

The news comes amidst rising cyber fears amongst higher education institutions, with the National Cyber Security Centre (NCSC) strongly advising organisations to “follow the actionable steps in the NCSC guidance that reduce the risk of falling victim to an attack.” 

Tim Sadler, CEO and Co-Founder of Tessian, commented: 

“Education institutions are regularly targeted by cybercriminals who want to get hold of the valuable information and data they hold, such as world-leading research, intellectual property, and the personal financial details of thousands of university staff, students and alumni. Due to the people-heavy nature of the industry, and reliance on email to stay connected with one another, phishing is an easy way ‘in’ for these cybercriminals and it quickly leads to loss of data and ransomware attacks. 

“In recent years, some universities have ‘paid off’ ransomware cyber attacks, and this could encourage even more to occur. Moving forward, it’s imperative that universities understand the ways in which their staff and their students could be targeted by phishing campaigns, and train them on what to look for. Investment in technology that can warn individuals of threats in their inbox, too, will help people as they continue to study and work remotely.” 

Achi Lewis, Area Vice President EMEA, Absolute Software, commented:  

“Large institutions represent lucrative targets for cyber criminals, holding vast amounts of sensitive data as well as a large number of endpoint devices. Malicious actors are only looking for one successful attack to compromise that sensitive information on an end point or breach or compromise access toa network to cause serious damage.

“It is imperative that organisations are not only aware of these attacks, but also put in place sufficient measures to both prevent attacks, and recover from them should a successful threat land. Utilising a resilient zero-trust approach to verify all users accessing important data, can help stop an attack before it happens. Whilst it is also important to have recovery policies and technologies in place to shut down or freeze infected devices to prevent an attacker accessing other areas of an organisation’s IT network.”

Sector Response

 Andy Robertson, Head of Fujitsu Cyber Security, Fujitsu UK&I said:

“Universities and research centres make for attractive targets to cyber criminals. They are often under resourced from a security perspective, and criminals are increasingly exploiting this concept – in fact, just last month, the Department for Digital, Culture, Media and Sport (DCMS) found that while 39% of businesses have identified breaches or attacks in the last 12 months, 93% of higher education had identified breaches or attacks in the last 12 months.

“Whilst universities have a balance to strike between functionality and security, there are some simple measures that can be implemented which should be part of their security DNA as they build-in new ways to serve their students.

“Going forward, universities need to offer the same protection and guarantees to their students as big companies do to their clients and customers. To do so means being able to identify equally sophisticated and proactive methods to protect themselves– both from a technical and people standpoint. For instance, organisations should review their high privilege accounts, who has access to them, and evaluate when the passwords were last changed. Technology, like a Privileged Access Management (PAM) solution, is an important security measure that organisations can place in front of system administration interfaces to manage and monitor high value systems and user accounts.

“And with employees and students working and studying in hybrid ways, meaning they regularly use their own devices and Wi-Fi, it’s critical they implement security tools such as Multi-Factor Authentication (MFA) and Conditional Access (CA) to data. These tools allow education institutions to set policies that control who can connect, where they can connect from and from what devices. However, technology can’t be the sole method of protection. Students and staff will always be the front line of defence. To stand the best chance of protection, they need to be given the tools and training to identify cyber criminals. Upskilling them and making them aware of the cyber threats will be one of the most effective ways to reduce the risk of cyber-attacks.”

Nelson Ody, Product Manager, Cyber Security at RM, leading education technology specialist:

“Following the news that the University College London (UCL) faced such a vast amount of email attacks, it is vital higher education sees this as a reminder to remain vigilant. With COVID being a catalyst in the drive for new technologies – meaning many more teachers and students are digitally present – cyber criminals now have more opportunities to exploit education institutions. In fact, a recent report from the Department for Digital, Culture, Media and Sport (DCMS) found that while 39% of businesses have identified breaches or attacks in the last 12 months, 93% of higher education had identified breaches or attacks in the last 12 months.

“Yes, many universities and higher education institutions have the essentials in place such as multi-factor authentication, but even with a sophisticated set of controls you can still fall foul of an attack. Going forward, education institutions must ensure they are educating everyone – staff, students, partners, suppliers etc – on the risks of these attacks and what to do to prevent hackers. At RM, we know that phishing is the most common attack, so education on cyber threats, by using phishing simulations, is highly advised when it comes to staying vigilant and being prepared. Ultimately, universities, and similar institutions must treat these attacks as if they were physical – they need to prepare for them like they do a fire drill.”

About Parliament Street

Parliament Street is an innovative think tank dedicated to creating a community of ideas. They aim to give members a high return on involvement through participation. 

Edge Block51445726

Related Articles