Universities have been urged to be more proactive in looking for patient computer hackers who break into systems and then pass on access to others.
The warning comes amid rising cyberattacks and as universities become increasingly dependent on their online systems for daily teaching and research.
Raimund Vogl, president of the non-profit European University Information Systems, told Times Higher Education that staff need to step up scanning for “lurking” attackers.
He said telltale signs could be the use of the anonymising internet browser The Onion Router, a free piece of software that may also be used innocently by activists or researchers.
Dr Vogl, who is also chief information officer at the University of Münster, said all university staff should be given multifactor authentication, which requires more than a single password to log in, rather than reserving it only for powerful administrator accounts.
“Lurking invaders infiltrating through unprivileged common accounts that are hanging around for many months will inadvertently get a chance sometimes…this channel has to be closed,” he said.
Universities’ size and complexity means hackers who break into systems are unlikely to exploit the access themselves. Instead, groups typically sell a route in to organised criminals who specialise in ransoming universities’ data.
“It happens quite often that nobody buys that kind of access for a couple of weeks or even months,” said Jasper Bongertz, head of incident response for the IT security company G Data Advanced Analytics.
He said the longest delay between a group gaining access and files being encrypted and ransomed was two years, adding that the last two university attacks the company had handled, one of which was at Münster, were stopped before files could be encrypted.
Mr Bongertz said no criminal groups set out to target universities but that a handful had become specialised in monetising such hacks through an understanding of what data is most precious to the institution.
The company noticed that hackers attacking a recent university client specifically targeted data relating to renewable energy research. “This is something that could point to a state-sponsored interest behind that group,” he said.
Mr Bongertz said universities should look out for a vulnerability in the popular logging framework Log4J, used for writing programmes in the Java language.
“Nobody can tell for sure if all the applications running in the university are using Log4J, or if it’s patched,” he said, referring to updates that fix the issue. “This is something that will probably be exploited for at least a couple of years.”
Recent years have seen spikes in cyberattacks, with public authorities asking universities to be particularly vigilant. Attacks in the Netherlands, Germany and Belgium have prompted calls for institutions to join forces to better defend themselves.
Because of their openness, the data held by universities are often less desirable for highly skilled, state-sponsored attackers, who tend to favour politicians or organisations with direct access to them, Mr Bongertz said.
Such attackers seek to remain undetected, allowing them to comb systems for files that contain a specific keyword, rather than outing themselves by issuing a ransom.
Register to continue
Why register?
- Registration is free and only takes a moment
- Once registered, you can read 3 articles a month
- Sign up for our newsletter
Subscribe
Or subscribe for unlimited access to:
- Unlimited access to news, views, insights & reviews
- Digital editions
- Digital access to THE’s university and college rankings analysis
Already registered or a current subscriber? Login