Call for all Educational Institutions & Library Networks to prioritise Cybersecurity.
A Case of Ransomware Attack that happened at Maastricht University
The ransomware attack on Maastricht University took place on 23rd December 2019. Within 30 minutes, the adversaries locked 267 servers, including the official email and file servers and a few other critical servers.
Initially, they had established their first foothold with the help of phishing emails sent to university employees earlier that year. For those unfamiliar with phishing attacks, phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads, or sites that look similar to places you already use. For example, a phishing email might look like it is from your bank and request private information about your bank account. Using the access gained through those phishing emails, the adversaries mapped the university's network, and by abusing backdoors they were able to move further into it.
After a thorough investigation and serious consideration, the institution paid the requested ransom. After the incident, the university implemented various measures to be able to intervene more quickly in the future, such as setting up a Security Operations Centre and applying different security policies to different accounts.
The incident highlights the need to prioritize cybersecurity. There are many steps that universities can take to safeguard their infrastructure. Some of the recommended safeguards are given below.
1. Make the university faculty, staff, and students aware of the risks of (spear) phishing and teach them how to recognize fake messages.
2. Disseminate and assist with dispersing the information to your target groups, such as students, employees, IT staff, management, and higher leadership. Some of these groups are especially vulnerable. Take this into account in your awareness plan and strategy.
3. Encourage staff and students to report incidents.
4. Map your network and how systems and data are connected in detail. Create a list of contacts and backup contacts, indicating who manages what.
5. Prevent vulnerabilities from being exploited by performing timely updates and installing patches.
6. A Security Operations Centre (SOC) helps to monitor cyber threats and to detect abnormal behaviour faster.