Iranian hackers attack U.K. cybersecurity universities

December 10, 2022

A hacker's cunning alone is not enough to carry out an attack, and some security incidents would not take place if the victims acted differently. Yes, we are talking about the human factor, and it is the centerpiece of the recent series of attacks on U.K. universities.

According to security experts, at least 18 British universities have been targeted as part of a cyberattack campaign that has run over the last few months. The targets included both educational giants, such as Warwick and Lancaster, and less famous universities that are also certified by the National Cyber Security Centre (NCSC) to provide degrees in cybersecurity.

The attackers sent fake emails offering government-certified cybersecurity courses to people who hold U.K. university log-ins. A victim had to log in, thereby handing his or her credentials to the attackers. To win the trust of the recipients, the hackers made the emails seem genuine and constructed spoofed websites that looked similar to the original web pages of the educational organizations. What is more, the hackers also made use of the internet's padlock certificate system. Many users still believe that a padlock sign in their browser means the site is safe to visit. In fact, it guarantees no such thing, as the site itself can be malicious.
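The padlock point above can be turned into a check that a mail filter or awareness tool applies to links in incoming messages: HTTPS is ignored as a trust signal and only the host name decides. This is an added example, not part of the original article; `TRUSTED_DOMAINS`, the function names and all domain names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the institution's real login domain (constructed placeholder).
TRUSTED_DOMAINS = {"university.example"}

def _edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url):
    """Return 'trusted', 'trusted-domain-no-tls', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    https = parts.scheme == "https"
    # Only an exact match or a true subdomain of a trusted domain counts.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted" if https else "trusted-domain-no-tls"
    for domain in TRUSTED_DOMAINS:
        # Trusted name placed in front of a different parent domain.
        if host.startswith(domain + ".") or ("." + domain + ".") in host:
            return "lookalike"
        # Near-miss spelling in the trailing labels (same depth as the trusted name).
        depth = domain.count(".") + 1
        tail = ".".join(host.split(".")[-depth:])
        if 0 < _edit_distance(tail, domain) <= 2:
            return "lookalike"
    # A padlock (https) on its own never upgrades the verdict.
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ("https://login.university.example/sso",
                 "https://university.example.courses-portal.test/login",
                 "https://login.universlty.example/sso",
                 "https://weather.test/"):
        print(classify_login_url(link), link)
```
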

A Warwick University spokesman said that there was no evidence that any valuable data had leaked. Lancaster officials commented that the university promptly blocked the suspicious links. All the targeted individuals were notified right after that.

The Iranian hackers are believed to have been involved in a previous major campaign that affected a number of universities earlier this year.

Earlier this year, the US Department of Justice charged nine Iranians with attacks on educational institutions and claimed that the “Mabna Institute” group had stolen 31 terabytes of confidential academic information from universities in 22 countries. Since then, security experts have been tracking new fake web pages supposedly produced by the same hacking group. The latest incidents show that the attack attempts did not stop.

At some point, such an incident can happen to anyone. So, it is essential to understand in advance what to do to stay safe in a similar situation.

First of all, we are not talking here about data breaches that normally affect large databases: in such a case, the recommendation would simply be to use encryption. Here we are dealing with the theft of an individual's credentials; in other words, if a victim is fooled, he or she personally hands the critical data to a malefactor. Unfortunately, it is impossible to protect all employees (and students, in the educational sector) from being deceived by fake login pages, but here multi-factor authentication is a solution. If a website uses 2FA, a malefactor will not be able to log into another person’s account even when in possession of the stolen credentials.

Secondly, it is worth stressing how important employees’ and students’ awareness is. While the total number of security breaches caused by the human factor has fallen recently, it is essential to give people the information they need to detect phishing attempts and avoid falling victim to malefactors. You should understand that as people become more and more aware of phishing techniques, hackers are not slow to improve their spoofing skills either.

To sum up, paying attention to the human factor is as important as any other aspect of cybersecurity. It is never possible to say for sure when an attack will happen to you, and the only way to prevent such situations in the future is to take care of your security in advance.
