UK universities targeted by state sponsored cyber attacks

UK universities targeted by state sponsored cyber attacks

Last week the National Cyber Security Centre reported that state sponsored cyber criminals have been targeting UK universities and healthcare organisations with the ultimate goal of stealing information relating to COVID-19 vaccines and research.

Remember – everyone is a target. Even if you are not involved in COVID research, attackers will attempt to compromise your account and use it to infiltrate the organisation.

Since the beginning of the pandemic, criminals have been exploiting various COVID related themes to lend weight to their campaigns. The primary methods used to facilitate these attacks are nothing new, but they are increasing in their efficiency. Here’s what to look out for.

Fake Microsoft Teams notifications

With so many people now working from home, there has been a huge increase in the use of communication platforms such as Microsoft Teams. Criminals have seized the opportunity to craft highly convincing phishing campaigns based on official Teams notification emails. The links in these emails often use complex redirects to avoid alerting spam filters, before taking users to a fake login page where credentials are harvested.

What can you do to protect yourself?

If you see our External email warning banner on what appears to be a Teams notification, contact the Service Desk immediately. Official Teams notifications from Microsoft will not flag this banner.

Password Spraying

There have also been reports of large-scale password spraying where criminals try to obtain the passwords of multiple accounts in one go. They use a script to log into a large number of accounts sequentially using the same common password, and then circle back to the start and try the next password on all accounts.

What can you do to protect yourself?

The best defence against password spraying is to make sure you follow good password management.

Also, make sure your password is not on this list:

Further guidance and help

Find out more about Cyber Security on our Toolkit resource at www.abdn.ac.uk/toolkit/skills/it-security/

If you’re still unsure, or if you would like advice, contact the Service Desk – servicedesk@abdn.ac.uk  or https://myit.abdn.ac.uk.

 

Author: IT Security Team, DDIS