
Security expert comments on spearphishing attacks against Singapore universities

06 Apr 18

Four Singapore universities were targeted by an Iran-based hacking group that was able to compromise 52 staff accounts and more than 31 terabytes of sensitive academic data.

Reports suggest that the accounts from Nanyang Technological University, the National University of Singapore, Singapore Management University, and the Singapore University of Technology and Design were all affected by the breach.

The attackers belong to an Iranian group, nine members of which have been charged in the United States. The Cyber Security Agency of Singapore released a statement about the Singapore breach last week.

ESET senior research fellow Nick FitzGerald believes that the attacks were part of a campaign that targeted universities around the globe.

Because universities hold intellectual property, they are attractive to cyber attackers looking to sell it for financial gain, and to state-sponsored actors looking to gain a competitive advantage.

“These attacks against universities serve as a reminder that more cross-country collaboration is needed to stop attackers from gaining an upper hand as cyberattacks transcend national boundaries. More industries and governments should share information and best practices so that we have a more coordinated strategy when dealing with attacks on such scale,” FitzGerald says.

Staff at the four universities were targeted by a spear phishing attack. The attack encouraged users to enter their credentials into a fake website. Attackers then used those credentials to access staff data.

FitzGerald notes that because people fell for the attack, people are still the weakest link.

“More needs to be done to ensure all staff are regularly educated and updated about the latest cyber threats and how to protect themselves,” he comments.

“In addition, organisations should look to incorporate multi-factor authentication technology as an added layer of security. This would strengthen an organisation’s defence, especially against phishing attacks. A simple password can no longer be relied on as adequate protection against attackers. Whether it is biometrics, 2FA or other methods of authentication, multi-factor authentication technology is a stronger deterrent.”

FitzGerald says there are a number of signs that can indicate phishing attempts.

  • Peculiar domain names - Users should always place their mouse over a web link in an email to see if they are actually being sent to the right website as cybercriminals may use these ‘fake’ sites to steal login credentials.
  • Shortened URLs – Cybercriminals often mask ‘fake’ sites using URL shortening services. Be aware that there are very many more URL shorteners than the well-known few such as Bitly and TinyURL!
  • A sense of urgency – Cybercriminals know that exhortations to action at very short notice tend to switch off our critical faculties, as the ‘need to help’ takes hold, so be especially aware of messages with a sense of urgency.
  • A request for personal information – If unsure, users should make an independent check with the organisation involved.
  • Poor grammar – Spelling mistakes, typos and unusual phrasing are unlikely in official communications from a legitimate service provider.
  • Always double check when unsure – If you have the slightest doubt about the authenticity of any email, the golden rule is to always check with the relevant administrators.