Story image

Security expert comments on spearphishing attacks against Singapore universities

06 Apr 18

Four Singapore universities were targeted by an Iran-based hacking group that was able to compromise 52 staff accounts and more than 31 terabytes of sensitive academic data.

Reports suggest that the accounts from Nanyang Technological University, the National University of Singapore, Singapore Management University, and the Singapore University of Technology and Design were all affected by the breach.

The Iranian group, from which nine members have been charged in the United States, attacked the universities. The Cyber Security Agency of Singapore released a statement about the Singapore breach last week.

ESET senior research fellow Nick FitzGerald believes that the attacks were part of a global campaign that targeted universities around the globe.

Because universities contain intellectual property, they are attractive to cyber attackers who are looking to sell it for financial gain, or by state-sponsored actors looking to gain competitive advantage.

“These attacks against universities serve as a reminder that more cross-country collaboration is needed to stop attackers from gaining an upper hand as cyberattacks transcend national boundaries. More industries and governments should share information and best practices so that we have a more coordinated strategy when dealing with attacks on such scale,” FitzGerald says.

Staff at the four universities were targeted by a spear phishing attack. The attack encouraged users to enter their credentials into a fake website. Attackers then used those credentials to access staff data.

FitzGerald notes that because people fell for the attack, people are still the weakest link.

“More needs to be done to ensure all staff are regularly educated and updated about the latest cyber threats and how to protect themselves,” he comments.

“In addition, organisations should look to incorporate multi-factor authentication technology as an added layer of security. This would strengthen an organisation’s defence, especially against phishing attacks. A simple password can no longer be relied on as adequate protection against attackers. Whether it is biometrics, 2FA or other methods of authentication, multi-factor authentication technology is a stronger deterrent.”

FitzGerald says there are a number of signs that can indicate phishing attempts.

  • Peculiar domain names - Users should always place their mouse over a web link in an email to see if they are actually being sent to the right website as cybercriminals may use these ‘fake’ sites to steal login credentials.
  • Shortened URLs – Cybercriminals often mask ‘fake’ sites using URL shortening services. Be aware that there are very many more URL shorteners than the well-known few such as Bitly and TinyURL!
  • A sense of urgency – Cybercriminals know that exhortations to action at very short notice tend to switch off our critical faculties, as the ‘need to help’ takes hold, so be especially aware of messages with a sense of urgency.
  • A request for personal information – If unsure, users should make an independent check with the organisation involved.
  • Poor grammar – Spelling mistakes, typos and unusual phrasing are unlikely in official communications from a legitimate service provider.
  • Always double check when unsure – If you have the slightest doubt about the authenticity of any email, the golden rule is to always check with the relevant administrators.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.