It’s being reported that Iranian hackers have targeted at least 18 British universities, including those certified by the National Cyber Security Centre (NCSC) to provide degrees in cybersecurity.
Pravin Kothari, CEO at CipherCloud:
“Iranian cyber attackers have targeted U.K. universities using the same phishing attacks that have worked successfully for most cyber attackers for years. The insult to injury here was the fact that these cyber attackers went after some of the U.K.’s best cyber universities. The phishing emails direct university student and employees to a fake website page where they are prompted with a login. This enabled the cyber attackers to harvest the authentication data and then subsequently use it to penetrate the accounts and networks.
The solution? In this particular scenario, two-factor authentication would have stopped these attackers cold. Technologies like access control with time travel detection could have noted the logins coming from two different IP addresses, in two likely very disparate geographical locations, perhaps at near the same time. User Entity and Behavior Analytics (UEBA) might have also noted attempted bulk file downloads or other atypical behavior by the cyber attackers. Finally, if the data stored within the university clouds is encrypted end-to-end, then the cyber attackers would only have access to unintelligible encrypted data. Cloud security basics still apply and can work better than ever. You only have to use them!”