NUS staff hit by 'spear phishing' in new cyber attacks

PCs of two employees, including researcher involved in project funded by Mindef, affected, but 'no sign of malware or data loss'

More bugs may be released: Hacking group

A fresh round of cyber attacks has been made on National University of Singapore (NUS) computers, just weeks after the discovery that hackers had broken into its networks - and those of Nanyang Technological University (NTU) - to steal government and research data.

The Straits Times learnt that the fresh attacks this week compromised the computers of at least two employees, including a researcher involved in a security project funded by the Ministry of Defence.

NUS computer science research fellow Prosanta Gope's computer was hacked on Tuesday after he clicked on a link in a "spear phishing" e-mail from another colleague whose computer had also been hacked. Dr Gope's account was, in turn, used to send out more phishing e-mails to other colleagues.

Spear phishing is the fraudulent practice of sending e-mail, ostensibly from a known or trusted sender, to trick targeted individuals to reveal information, click on malware-infected links or open infected attachments.

The phishing e-mail sent from Dr Gope's account read: "Your NUS e-mail account has been blacklisted and you are required to verify your account." The message was signed off by "NUS Admin Team" and a link provided for unsuspecting users to click.

When contacted, an NUS spokesman said the phishing attempts were not related to the attacks discovered last month, or the global WannaCry ransomware attack at the past weekend.

We did not find signs of malware or data loss," she said, declining to provide more details. She noted that access to the phishing website has since been blocked and passwords changed.

"The NUS community receives regular advisories on good cyber and information security practices, including how to spot and report phishing e-mails," the spokesman added.

One NUS lecturer, who received the phishing e-mail, told The Straits Times on condition of anonymity: "Phishing is very common here, but it is getting harder to identify a fake. Even an expert was tricked."

The motives behind the latest intrusions are not known. But the cyber attacks on the universities last month were believed to be a roundabout way of getting hold of government-related information, as NTU and NUS are involved in projects for the defence, foreign affairs and transport sectors. The varsities maintain that no classified information or personal data was stolen.

Mr Aloysius Cheang, executive vice-president of global computing security association Cloud Security Alliance, said organisations tend to overlook user education on cyber security matters.

"An organisation's security is only as strong as its people and education programme," he said.

Mr Amir Ofek, chief executive of Israeli cyber security services firm CyberInt, agreed: "You should never get too complacent."

Join ST's Telegram channel here and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on May 18, 2017, with the headline NUS staff hit by 'spear phishing' in new cyber attacks. Subscribe