Security expert comments on spearphishing attacks against Singapore universities
Four Singapore universities were targeted by an Iran-based hacking group that was able to compromise 52 staff accounts and more than 31 terabytes of sensitive academic data.
Reports suggest that the accounts from Nanyang Technological University, the National University of Singapore, Singapore Management University, and the Singapore University of Technology and Design were all affected by the breach.
Nine members of the Iranian group that attacked the universities have been charged in the United States. The Cyber Security Agency of Singapore released a statement about the Singapore breach last week.
ESET senior research fellow Nick FitzGerald believes that the attacks were part of a global campaign that targeted universities around the globe.
Because universities hold intellectual property, they are attractive to cyber attackers looking to sell it for financial gain, and to state-sponsored actors looking to gain a competitive advantage.
"These attacks against universities serve as a reminder that more cross-country collaboration is needed to stop attackers from gaining an upper hand as cyberattacks transcend national boundaries. More industries and governments should share information and best practices so that we have a more coordinated strategy when dealing with attacks on such scale," FitzGerald says.
Staff at the four universities were targeted by a spear phishing attack. The attack encouraged users to enter their credentials into a fake website. Attackers then used those credentials to access staff data.
FitzGerald notes that because people fell for the attack, people are still the weakest link.
"More needs to be done to ensure all staff are regularly educated and updated about the latest cyber threats and how to protect themselves," he comments.
"In addition, organisations should look to incorporate multi-factor authentication technology as an added layer of security. This would strengthen an organisation's defence, especially against phishing attacks. A simple password can no longer be relied on as adequate protection against attackers. Whether it is biometrics, 2FA or other methods of authentication, multi-factor authentication technology is a stronger deterrent."
FitzGerald says there are a number of signs that can indicate phishing attempts.
- Peculiar domain names – Users should always place their mouse over a web link in an email to see if they are actually being sent to the right website, as cybercriminals may use these 'fake' sites to steal login credentials.
- Shortened URLs – Cybercriminals often mask 'fake' sites using URL shortening services. Be aware that there are very many more URL shorteners than the well-known few such as Bitly and TinyURL!
- A sense of urgency – Cybercriminals know that exhortations to action at very short notice tend to switch off our critical faculties, as the 'need to help' takes hold, so be especially aware of messages with a sense of urgency.
- A request for personal information – If unsure, users should make an independent check with the organisation involved.
- Poor grammar – Spelling mistakes, typos and unusual phrasing are unlikely in official communications from a legitimate service provider.
- Always double check when unsure – If you have the slightest doubt about the authenticity of any email, the golden rule is to always check with the relevant administrators.