Increasing ransomware attacks against schools, colleges and universities underline the cyber-risks faced by the UK’s education sector and highlight the need for defence-in-depth security.

Credit: Skynesher / Getty / Thinkstock

The National Cyber Security Centre (NCSC) has warned of a recent increase in ransomware attacks targeting schools, colleges and universities in the UK as the cyberthreats posed to the education sector continue to be laid bare. The alert follows previous NCSC notices of surges in ransomware attacks on UK education during August/September 2020 and February 2021.

In a posting on its website, the NCSC stated that it is investigating another increase in ransomware attacks against schools, colleges and universities in May and early June. Attack vectors highlighted include the targeting of networks through phishing emails, VPNs and Remote Desktop Protocol (RDP) endpoints, weak passwords or lack of multifactor authentication (MFA), and exploitation of unpatched bugs or systems like Microsoft Exchange Server. What’s more, attackers are increasingly using tools such as Mimikatz, PsExec, and Cobalt Strike to enable lateral movement and privilege escalation once they’ve infected a network, the NCSC added.

Cyberthreats faced by the UK education sector

The threats posed by ransomware and other cyberattacks to organisations of all types are stark, but they take on specific significance for those in the UK education industry. “Schools, colleges, and universities tend to have comparatively low cybersecurity budgets, a broad range of open technology needs, quite a bit of remote access and users that range from wannabe hackers to people who tape their passwords to the back of their smartphones,” cybersecurity advisor, thought leader, and author Raef Meeuwisse tells CSO.
“These factors also make it harder for the security functions inside such institutes to implement effective countermeasures against ransomware and other forms of cyberattack.”

In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, and data relating to COVID-19 testing, the NCSC wrote in its blog.

Dr. Jason R.C. Nurse, assistant professor in cybersecurity at the University of Kent, adds: “As educators possess sensitive data on students, teachers, and exams, and often run some time-critical services (May and June are exam periods in many universities), they may be seen as particularly attractive targets. The reality is that ransomware attacks on the education sector have been conducted for some time, but there’s clearly been a recent surge.”

Kevin Curran, professor of cybersecurity, Ulster University and senior member, Institute of Electrical and Electronics Engineers, adds that phishing remains the key method by which ransomware attacks on the education sector are carried out. “Many phishing techniques are designed to be effective, as many individuals’ environments have changed and they are more susceptible to attacks. These attacks use tailored techniques, dynamic websites and regularly updated methods to remain undetected to those mostly untrained and working from home. The result is a series of attacks that have an alarmingly high success rate, yet a relatively low detection rate.”

Defence-in-depth ransomware protection

The latest ransomware activity emphasises the need for organisations in the education sector to protect their networks to better prevent and defend against attacks, the NCSC said.
In updated guidance, it urged those responsible for IT and data protection within education establishments to adopt a “defence in depth” approach, focusing on factors including effective vulnerability management and patching procedures, secure RDP services using MFA, effective antivirus, up-to-date and tested offline backups, and practiced attack response exercises.

“It’s great to see the guidance from the NCSC as it covers all of the key actions that organisations must take to better prevent against, and respond to, such incidents,” adds Nurse. “It really comes down to having strong preventative measures to protect against attacks but also appropriate measures to be able to recover as quickly as possible. The NIST Cybersecurity Framework lifecycle is a good starting point to address threats, encompassing identify, protect, detect, respond, and recover.”

Meeuwisse concludes that user education about security can also be a very effective and low-cost defensive tool, if the messages are clear and concise. “The more you can get people to ensure they operate securely (for example, by keeping copies of the data they consider critical for their own roles)—the less risk the overall environment will have.”