3 Reasons Why Hackers Target Universities and State & Local Governments
If you’ve followed data breaches over the years, you already know that no industry is safe from cyber threats. What may surprise you is the number of attacks and hackers that target universities and state & local governments. In one report, state and local governments received, on average, 3 ransomware attacks per day. One government entity in Texas disclosed that it faced 10,000 attempts to probe its systems every minute.
In addition to the sheer volume and intensity of these attacks, the number of cyber attacks is increasing at an alarming rate. In 2020, cyber attacks on schools increased by 18% over the year prior. According to GCN, cyber attacks have increased by 50% over the past 3 years.
Why target universities and state & local governments? What do hackers gain by targeting universities and local governments?
Here are 3 Reasons Why Hackers Target Universities and State & Local Governments:
- Perceived Lack of Security
- Useful as Attack Launch Point and Command & Control
- Valuable Information to Steal
Perceived Lack of Security
Funds and spending budgets can be somewhat limited for government or non-profit/private universities. There is a common belief – whether true or not – that security teams in state and local governments and universities are underfunded and that the organization is therefore insecure. So hackers, as opportunists, often view these organizations as low-hanging fruit. However, this alone is not reason enough for hackers to go after an organization; there needs to be something of value.
Useful as Attack Launch Point and Command and Control
Hackers often take advantage of “low hanging fruit” in order to set up an attack infrastructure that can be used to obfuscate where the attack is coming from. It is not in the hackers’ interest to launch attacks against a particular organization directly from one’s own computer and terminal as the attack can be easily traced back.
Universities, in particular, are very popular locations to use as attack hop points, as well as command and control (C2) nodes and data exfiltration points. This is because there are often wide-open segments on the network that generate a large amount of traffic. For example, a DNS server at a university library on the student network typically produces very large amounts of data during a normal day. Command and control tools and remote access installed on such a device are less likely to be noticed than if they were installed and operating on a quieter device.
On top of that, many networks at colleges such as those that serve the student dorms have decreased security restrictions for ease of use by the students. On such networks it is not uncommon to see large amounts of torrent, file sharing, and TOR activity, for example. Thus, hackers can also use such services for their purposes and the security administrators may consider the activities as “normal.”
We also see similar activity in state and local governments, though perhaps to a somewhat lesser extent. However, any network that processes a large amount of internet traffic, such as the DMV, is often targeted and used in the same manner.
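For defenders, the practical consequence of the busy-host problem described above is that volume alerts will not surface C2 on a noisy device, while timing regularity per destination can. The following is an added example, not from the original article: the host names, addresses, flow records and thresholds are all constructed assumptions.

```python
import random
import statistics
from collections import defaultdict

def beacon_candidates(flows, min_events=10, max_cv=0.10):
    """Flag (src, dst) pairs whose connections are evenly spaced in time,
    however busy the source host is. Thresholds are illustrative."""
    stamps_by_pair = defaultdict(list)
    for ts, src, dst in flows:
        stamps_by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in stamps_by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: near 0 for timer-driven traffic,
        # near 1 for human- or demand-driven traffic.
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append((src, dst, round(mean, 1), round(cv, 3)))
    return sorted(hits, key=lambda h: h[3])

def share_of_host_traffic(flows, src, dst):
    """Fraction of src's flows that go to dst (the volume view)."""
    from_src = [d for _, s, d in flows if s == src]
    return from_src.count(dst) / len(from_src)

def build_sample_flows(seed=7):
    """Constructed one-hour sample: (timestamp_seconds, src, dst)."""
    rng = random.Random(seed)
    flows = []
    for _ in range(20000):  # busy library resolver, 200 destinations
        dst = f"198.51.100.{rng.randrange(1, 201)}"
        flows.append((rng.uniform(0, 3600), "lib-dns-01", dst))
    for i in range(60):     # timer-driven check-in every ~60 s
        flows.append((i * 60 + rng.uniform(0, 2), "lib-dns-01", "203.0.113.50"))
    for _ in range(30):     # quiet device with irregular traffic
        flows.append((rng.uniform(0, 3600), "printer-07", "198.51.100.9"))
    return flows

if __name__ == "__main__":
    flows = build_sample_flows()
    for hit in beacon_candidates(flows):
        print("regular timing:", hit)
    print("share of host traffic:",
          round(share_of_host_traffic(flows, "lib-dns-01", "203.0.113.50"), 4))
```

In the constructed sample the regular destination is well under 1% of the resolver's flows, so a volume threshold would not separate it from normal load; the interval check does.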
Valuable Information to Steal
Hackers do not only go after these organizations because they are useful as part of their attack infrastructure. Universities and governments also have valuable information that can be stolen. Universities are obvious targets for information, particularly those that perform a large amount of cutting-edge research.
APTs generally have two primary motivations: espionage and intellectual-property theft. Universities have valuable information that suits both of those classifications. Why develop your own technology when you can just steal it from those who already built it? That seems to be the mantra of APT hackers.
Governments and colleges have useful personal information (PII) on residents and students and maintain legal, driving, health and other records that can be used for any number of purposes ranging from identity theft to blackmail.
Finally, as exemplified by the controversy of Russian meddling in the 2016 Presidential elections, there is significant opportunity for hackers to influence or throw into doubt America’s electoral processes and results. Each state is responsible for conducting elections on its own terms, rules, and security. Often this trickles down to the cities, towns, and villages, which have even less money to sufficiently secure themselves.
Considering such circumstances it should come as no surprise that hackers love to exploit universities and governments. A veritable smorgasbord of value within questionably secured organizations.
At Security On-Demand, we have government and university customers who rely on us to help them prevent such exploitation. We regularly see hackers attempting to compromise these groups. We recommend that information security teams employ strong security monitoring, detection and response services as well as harden the enterprise network through decreasing the attack surface, installing and properly configuring security devices, and segmenting the network to protect critical data.
About Security On-Demand
Security On-Demand (SOD) provides full-spectrum threat management and advanced cyber threat detection services for hundreds of businesses and government agencies globally. SOD’s patented analytics technology enables the detection of advanced threats to protect brand value, reduce the risk of a data breach, and mitigate its impact. SOD is headquartered in San Diego, CA with an international R&D office and Security Operation Center in Warsaw, Poland.