Surge in cyber attacks on education sector

According to cyber-security firm Darktrace's analysis of more than 100 of its clients in Singapore, education institutions faced 16 times more attacks in April than other often-targeted organisations in the healthcare and retail sectors. ST PHOTO: JASON QUAH

Sector seen as 'soft underbelly' with fewer resources for dedicated security, amid rush to remote learning: Expert

The education sector was the most popular target of hackers in April, when hundreds of thousands of students and teachers had to access online resources daily for remote learning, research from a cyber-security firm has found.

According to Darktrace's analysis of more than 100 of its clients in Singapore, education institutions faced 16 times more attacks than other often-targeted organisations in the healthcare and retail sectors.

Education institutions - including secondary schools, universities, private institutions and research centres - are known to be among the biggest users of Microsoft's remote desktop protocol (RDP), a tool to connect to another computer online.

Across the Singapore organisations analysed, the overall number of RDP attacks increased 68 per cent in the circuit breaker month of April, compared with March, said Darktrace, which has its headquarters in the United States and Britain.

Mr Sanjay Aurora, the firm's senior vice-president and managing director of Asia-Pacific and Japan, said: "Many RDP servers have been rushed out to enable remote working. Attackers are aware of this and are currently targeting devices with badly secured RDP services to launch attacks.

"The fact that RDP is now used so widely, and most often misconfigured, makes it a big issue," he added.

For instance, computer users may not use strong passwords to secure their RDP connections, or they may leave RDP on its default port, which is easy to find and target.

Mr Aurora said hackers may see the education sector as a "soft underbelly" with fewer resources for dedicated security teams.

RDP attacks typically use "brute-force" password guessing techniques to access a target system. This involves trying all possible combinations of usernames and passwords until a correct one is found.

"Compromised RDP hosts are used by cyber criminals to either mount further attacks on other companies, send spam, or try to burrow deeper into the corporate network," said Mr Aurora.

Potential losses include personal data or novel research.

Organisations that have the necessary safeguards did not report any breaches.

For instance, Mr Tan Bee Teck, chief information officer of the Ministry of Education, said it has firewalls to block malware, and anti-virus and anti-malware software on school-issued devices.

Students, teachers and staff have also been reminded to update their anti-virus software and software patches.

Mr Tan said schools have not experienced any successful RDP attacks since the start of home-based learning in April.

A separate 2020 Global Threat Intelligence Report by technology services firm NTT found that 29 per cent of attacks in Singapore last year had targeted the education sector, particularly higher education institutions.

The education sector was the second most targeted by hackers after government, which attracted 38 per cent of all attacks, according to NTT, which monitored more than 4,000 clients across six continents last year.

Mr Neville Burdan, NTT's director of cyber security of Asia-Pacific, said education institutions are seen as a "softer target" than other industries as they may not have enough advanced security protocols to fend off the number of attacks coming at them.

In the education space, attackers are attracted by the volume of computer resources available, and how they can gain unauthorised access to mine cryptocurrency or spread ransomware, he added.

They are also after valuable data such as projects that companies are funding or government-funded research, he said, adding that data like people's details and credentials can also be stolen to sell on the dark web.

For the government sector, attackers are primarily looking to disrupt critical infrastructure or seeking classified information, said Mr Burdan.

A version of this article appeared in the print edition of The Straits Times on June 26, 2020, with the headline 'Surge in cyber attacks on education sector'.