If you’ve followed data breaches over the years you will have noticed that no industry is safe – which is no secret to anyone. What may be surprising is the number of universities and local governments (including states) that are targeted by hackers.
Perceived Lack of Security
Being either government or non-profit (in the case of private universities), funding and spending can be a trial. There is a common belief – whether true or not – that security teams in state and local governments and universities are underfunded and that the organization is therefore insecure. So hackers, as opportunists, often view these organizations as low-hanging fruit. However, this alone is not reason enough for hackers to go after them; there also needs to be something of value.
Useful as Attack Launch Point and Command and Control
Hackers often take advantage of “low-hanging fruit” in order to set up an attack infrastructure that can be used to obscure where an attack is coming from. It is not in the hackers’ interest to launch attacks against a particular organization directly from their own computer and terminal, as the attack can then be easily traced back to them.
Universities, in particular, are very popular locations to use as attack hop points, as well as command and control (C2) nodes and data exfiltration points. This is because there are often wide-open segments on the network that generate a large amount of traffic. For example, a DNS server at a university library on the student network typically produces very large amounts of traffic during a normal day. Installing command and control tools and gaining remote access on such a device is less likely to be noticed than if the same tools were installed and operating on a quieter device.
On top of that, many networks at colleges, such as those that serve the student dorms, have relaxed security restrictions for ease of use by the students. On such networks it is not uncommon to see large amounts of torrent, file sharing, and Tor activity, for example. Hackers can therefore use these same services for their own purposes, and the security administrators may be none the wiser.
We also see similar activity in state and local governments, though perhaps to a somewhat lesser extent. Any network that processes a large amount of internet traffic, such as the DMV, is often targeted and used in the same manner.
Valuable Information to Steal
Hackers do not go after these organizations only because they are useful as part of their attack infrastructure. Universities and governments also hold valuable information that can be stolen. Colleges and universities are obvious targets for such information, particularly those that perform a large amount of cutting-edge research.
APTs generally have two primary motivations: espionage and intellectual-property theft. Universities hold valuable information that suits both of those classifications. Why develop your own technology when you can just steal it from those who already built it? That seems to be the mantra of APT hackers.
Governments and colleges hold useful personally identifiable information (PII) on residents and students, and maintain legal, driving, health and other records that can be used for any number of purposes, ranging from identity theft to blackmail.
Finally, as exemplified by the controversy over Russian meddling in the 2016 Presidential election, there is significant opportunity for hackers to influence, or throw into doubt, America’s electoral processes and results. Each state is responsible for conducting elections on its own terms, with its own rules and security. Often this responsibility trickles down to cities, towns, and villages, which have even less money to secure themselves sufficiently.
Considering such circumstances, it should come as no surprise that hackers love to exploit universities and governments: they are a veritable smorgasbord of value within questionably secured organizations.
At Security On-Demand, we have government and university customers who rely on us to help them prevent such exploitation. We regularly see hackers attempting to compromise these groups. We recommend that information security teams employ strong security monitoring, detection, and response services, and harden the enterprise network by decreasing the attack surface, installing and properly configuring security devices, and segmenting the network to protect critical data.
About Security On-Demand
Security On-Demand is an industry pioneer and recognized innovator within the managed security space. We are leading the industry in threat detection through behavioral analytics and machine learning.