Cyberthreats against academia picked up this year, CrowdStrike says

As financially motivated attacks get easier to carry out, more universities are entering entering the crosshairs, CrowdStrike says.
upward trend graph
(Getty Images)

Online criminal activity against the education industry continued to rise over the past year, especially as it becomes easier for malicious actors to carry out attacks like ransomware, according to a report published Tuesday by the cybersecurity company CrowdStrike.

The company’s Falcon OverWatch threat-hunting team said in its annual global report that the academic sector saw increased activity from financially motivated criminals, nation-state actors and hacktivists over the 12-month period ending this past June, compared with the previous 12-month cycle. But that trend doesn’t single out education: CrowdStrike found increased malicious activity in nearly all sectors, with the tech industry, health care and retail all seeing bigger increases than education.

“If we look at e-crime, adversaries have been more activity across every vertical. Every organization is in the crosshairs,” said Nick Lowe, the director of CrowdStrike’s threat-hunting team. “As long as every organization tends to struggle with security hygiene, for example, e-crime is going to find a way in.”

The CrowdStrike report explained why higher education is particularly sensitive to both financially motivated attacks and foreign-backed threats: In addition to housing high-value research and intellectual property, universities also have sprawling user bases that include faculty, staff, students and alumni. Earlier this year, the FBI warned universities that lists of network credentials stolen from U.S. universities were available for purchase on criminal forums.


Lowe told EdScoop identity management is also a greater concern than ever before thanks to the affiliate system favored by many ransomware operations, in which novice cybercriminals can purchase hacking tools, malware and even potential access points into vulnerable organizations.

“That whole ransomware-as-a-service model is making it really easy to operationalize an intrusion,” Lowe said. “The heavy lifting isn’t required. A criminal actor can buy existing access then launch their objectives from that point.”

Ransomware has continued to wreak havoc on higher education this year, perhaps most notably at Lincoln College, a small school in Illinois that closed permanently in May, after a ransomware attack compounded its longstanding financial woes.

“It only takes that one gaffe,” Lowe said.

Latest Podcasts