Surge in cyber attacks in Singapore's education sector in April

Education institutions faced 16 times more attacks than other often-targeted organisations in the healthcare and retail sectors. PHOTO: UNSPLASH

SINGAPORE - The education sector was the most popular target of hackers in April, when hundreds of thousands of students and teachers had to access online resources daily for remote learning, research from a cyber security firm has found.

According to Darktrace's analysis of more than 100 of its clients in Singapore, education institutions faced 16 times more attacks than other often-targeted organisations in the healthcare and retail sectors.

Education institutions - including universities, secondary schools, private institutions and research centres - are known to be among the biggest users of Microsoft's remote desktop protocol (RDP), a tool to connect to another computer online.

Across the Singapore organisations analysed, the overall number of RDP attacks increased 68 per cent in the circuit-breaker month of April, compared with March, said Darktrace, which has headquarters in the United States and Britain.

Mr Sanjay Aurora, the firm's senior vice-president and managing director of Asia-Pacific and Japan, said: "Many RDP servers have been rushed out to enable remote working. Attackers are aware of this and are currently targeting devices with badly-secured RDP services to launch attacks.

"The fact that RDP is now used so widely and most often misconfigured makes it a big issue."

For instance, computer users may not use strong passwords to secure their RDP connections, or they may use default RDP port names that are easy to find and target.

Mr Aurora said that hackers may see the education sector as a "soft underbelly" with fewer resources for dedicated security teams.

RDP attacks typically use "brute-force" password guessing techniques to access a target system. This involves trying all possible combinations of usernames and passwords until a correct one is found.

"Compromised RDP hosts are used by cyber criminals to either mount further attacks on other companies, send spam, or try to burrow deeper into the corporate network," said Mr Aurora.

Potential losses include personal data or novel research.

Organisations that have the necessary safeguards did not report any breaches.

For instance, Mr Tan Bee Teck, the Ministry of Education's chief information officer, said it has firewalls to block malware, and anti-virus and anti-malware software on school-issued devices. Teachers, staff and students have also been reminded to update their antivirus software and software patches.

Mr Tan said schools have not experienced any successful RDP attacks since the start of home-based learning in April.

A separate 2020 Global Threat Intelligence Report by technology services firm NTT found that 29 per cent of attacks in Singapore had targeted the education sector, particularly higher education institutions, last year (2019).

The education sector was the second most-targeted by hackers after government, which attracted 38 per cent of all attacks, according to NTT, which monitored more than 4,000 clients across six continents last year.

Mr Neville Burdan, NTT's director of cyber security in Asia-Pacific, said education institutions are seen as a "softer target" than other industries as they may not have enough advanced security protocols to fend off the amount of attacks coming at them.

In the education space, attackers are attracted by the volume of computer resources available, and how they can gain unauthorised access to mine cryptocurrency or spread ransomware, he added.

They are also after valuable data like projects that companies are funding or government-funded research, he said, adding that data like people's details and credentials can also be used to sell on the dark web.

In the government sector, attackers are primarily looking to disrupt critical infrastructure, or for classified information, said Mr Burdan.

Join ST's WhatsApp Channel and get the latest news and must-reads.