The education sector is the third most targeted industry for cyberattacks in the second quarter of 2024, according to a recent Microsoft report.
The results of Microsoft’s Cyber Signals report are consistent with trends seen in Australia, where the ASD Cyber Threat Report 2022–2023 lists education as having a high ranking in “category 3 incidents,” which include ransomware, phishing, compromised networks, and data breaches.
Read More From Cybersecurity
The report claims that relying too much on QR codes increases the risk of phishing, because attackers frequently use these codes to gain access to systems and data. Microsoft Defender for Office 365 has been preventing over 15,000 malicious QR code-based emails, directed towards the education sector every day for the past year.
Universities’ highly sensitive data and intellectual property are among the other cyber threats that have been brought to light. This makes universities appealing targets for threat actors. University staff members’ compromised accounts are frequently exploited as launchpads for additional campaigns aimed at government and business targets.
“Education is often called an ‘industry of industries’, as it faces a compounded mix of threats we see across other sectors,” said Mark Anderson, National Security Officer for Microsoft ANZ. It’s not hard to see why. Educational establishments manage a variety of data within an intricate infrastructure comprising a heterogeneous user base, a range of devices and a combination of contemporary and antiquated IT systems. Due to its intricacy and the highly valuable and sensitive intellectual property these systems contain, attackers with a variety of backgrounds and motivations are bound to become interested in them.”
Read More From Generative Artificial Intelligence News
“The situation is no different in Australia,” he continued “especially when we consider the strength of our universities and R&D ecosystem.” The industry frequently ranks among those that are most frequently the target of #cyberattacks and data breaches. Educational institutions must prioritize basic cyber hygiene procedures, simplify their technological infrastructures, and increase community security awareness.
The most sophisticated threat protection techniques, as well as more basic ones like multifactor authentication, are now required parts of any robust cybersecurity plan and are not optional. By strengthening our educational establishments, we safeguard the creativity and academic distinction that propel our country forward.”
The report emphasizes the difficulties, that educational institutions face when it comes to cybersecurity. These difficulties stem from a lack of security personnel as well as the use of a combination of personal and institutional devices, especially in the US.
Read More From Google
Cyber risks are a serious concern outside of the United States as evidenced by a survey conducted in the United Kingdom which found that 43% of higher education institutions encounter a breach or cyberattack every week.
Due to the fact that QR codes are frequently used in educational communications, they present a significant risk of being used as a vector for cyberattacks.
Microsoft’s telemetry indicates that since security measures were put in place. Phishing attacks using QR codes are now much less effective. There were roughly 3 million phishing emails in December 2023, but by March 2024 there were only 179,000.
Read More From Brit News Hub
The report also emphasizes, how hostilely nation-state actors and criminal organizations have targeted the education sector to gain access to high-level contacts and intellectual property. Notable actors that target various facets or entities within the education field are Peach Sandstorm, Mint Sandstorm, Emerald Sleet, Moonstone Sleet, Mabna Institute and Storm-1877.
The document highlights how important, it is for academic institutions to follow basic cybersecurity best practices and raise staff, faculty and student awareness of security risks and countermeasures like multifactor authentication.
