Universities leading Covid-19 fight hit with millions of email attacks last year

Universities leading the fight against #Covid_19 virus successfully blocked millions of phishing and malware attacks last year, according to official figures 

UK universities leading the fight against the Covid-19 outbreak successfully blocked millions of cyber assaults last year, according to official figures. This is according to official figures analysed by the Parliament Street Think Tank, one of the UK’s leading think tanks, as part of an upcoming report into cyber attacks into UK Universities.

The data, obtained under Freedom of Information (FOI) legislation, revealed that The London School of Hygiene and Tropical Medicine, which is leading the fight against the Covid-19 outbreak, was hit with an average of 6,386,868 email attacks on average last year, all of which were successfully blocked. The information shows that the university successfully quarantined a variety of sophisticated email attacks, including phishing and malware assaults, totalling 12,773,735 throughout 2018 and 2019.

Across 2018 and 2019, The London School of Hygiene and Tropical Medicine reported that it experienced an average of 73,598 malware attacks, 98,928 phishing attacks and 1,725,262 tagged attacks. Additionally, 10,875,947 emails were detected and blocked by the organisation’s spam filter.

Other universities involved in leading the Covid-19 research were also attacked in 2019. Due to the way in which data is recorded, some Universities could only provide data from the final quarter of 2019. Warwick University was hit with a total of 7,642,935 email attacks in the final quarter of 2019 alone which included 7,227,972 spam attacks, 10,335 malware emails and 404,628 phishing reports.

Bristol University was another university that experienced a substantial amount of cyber-attacks in the form of malicious emails in the final quarter of 2019. The total number of messages blocked as spam or malicious is 7,612,895. Of these, 79,340 were blocked specifically due to anti-virus or malware and 7,533,213 were recognised as spam and junk. The data did not specifically differentiate phishing messages.

In addition, Lancaster Uni accepted around 11 million emails classed as legitimate and rejected around 57 million emails for a variety of reasons including, detected phishing or malware attempts across 2019. This university marked around 1 million emails as suspected spam.

Additionally, Imperial College had 39,798,909 emails blocked by its system in 2019.

Andy Harcup, VP, Absolute Software, comments:

“There figures are another reminder of the huge volume of cyber attacks faced by academic institutions as well as businesses. The harsh reality is that the Covid-19 outbreak will only make it harder for organisations to keep hackers at bay, particularly with a sharp increase in remote working, with many staffers logging-on with personal devices at home.

Having an entire company working from home brings with it inevitable security risks, so employers should ask key questions about whether their devices all have anti-malware systems and encryption turned on and correctly configured.  It’s also critical to ensure that VPNs and remote desktop applications are correctly secured and be able to fix bugs as well as neutralising risks. The fact remains that many endpoint devices often run outdated or vulnerable applications, with many having misconfigured VPNs which are out of date or non-compliant.”

Tim Sadler, CEO, Tessian, comments:

“Phishing attacks have become a persistent hazard for universities in the past year. And as the impact of Covid-19 continues to spread, the number of attacks on these institutions will only grow as hackers take advantage of the fact that researchers will be busier and more distracted than ever. Hackers love times of uncertainty and emergency, preying on people’s fears to launch targeted attacks via email. During this crisis, university bosses must find ways to protect their people, and staff need to be vigilant in identifying and reporting suspected scam emails. If something looks suspicious, do not click the link, download the attachment, or comply with the request. Verify the identity of the sender and the legitimacy of the message before taking any action.”