UK universities at high risk of cybersecurity incidents due to breached credentials

UK universities are at high risk of major cybersecurity incidents launched using breached credentials, according to new research from cybersecurity solutions company Crossword. An analysis of online criminal markets by the firm revealed 2.2 million breached credentials available on the dark web for the top 100 UK institutions, with 57% belonging to the 24 Russell Group Universities, it claims.

The findings come the week after the UK’s University of Manchester suffered a cyber incident in which systems were accessed by an unauthorised party. Meanwhile, the education sector remains a prime target for cyberattacks globally. In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Notorious cybercrime groups such as Vice Society have targeted US colleges and universities in recent ransomware campaigns, with Israel’s Technion University suffering a ransomware attack by a group calling itself DarkBit which forced it to proactively block all communication networks. A New South Wales Audit Office report revealed the financial losses of Australian universities following cyberattacks suffered in 2022.

Cybercriminals targeting UK universities with research facilities

Crossword’s research found that UK research facilities are in the crosshairs of cybercriminals, with 54% of the breached credentials it detected coming from UK universities with research facilities. The location and size of universities has an impact on the extent to which credentials have been breached too, the firm said, with London at substantially more risk with 506,330 (20%) credentials breached. This is followed by the South East  with 334,251 (13%) and Scotland with 306,873 (12%).

Other key findings related to size and location include:

• The top 30 universities are up to 50% more likely to have breached credentials than any other institution in the remaining top 100.
• London universities have more breached credentials (506,330) than Scotland, Wales, and Northern Ireland combined (465,767).

The largest segment of breached credentials by university student population were:

• More than 30,000 students: 38% had 20,000-30,000 breached credentials.
• 20,000-30,000 students: 39% had 10,000-20,000 breached credentials.
• 10,000-20,000 students: 38% had 10,000-20,000 breached credentials.
• 5,000-10,000 students: 29% had 2,000-4,000 breached credentials.

“UK universities and research facilities are among the most respected in the world, and protecting that reputation includes protecting the students, staff, and information that is shared with them for research projects by government, the public and private sector, through effective cybersecurity practices,” said Stuart Jubb, group managing director at Crossword Cybersecurity. “We recognise that these environments are amongst the most uniquely challenging to protect with overlapping requirements for secrecy and openness – so many attack paths need to be factored,” he added.