BBC investigation reveals UK universities under cyberattack

University library
Image credit: Pixabay (Image credit: Andrew_t8 / Pixabay)

While businesses are often the target of cyberattacks, new research from BBC's Radio 4 has revealed that two thirds of UK universities have been hacked over the past four years.

In addition to obtaining data on students and staff, the hackers behind the attacks also acquired valuable university research.

According to EfficientIP, UK universities and the public sector as a whole don't understand the value in the data they hold leaving IT infrastructures' highly vulnerable to cyberattacks especially lesser known attacks on Domain Name Systems (DNS).

DNS attacks

As DNS is open by design, it is one of the easiest parts of a network for cybercriminals to target. Through DNS attacks hackers are able to obtain sensitive data as well as cause application downtime.

Data from EfficientIP's 2018 Global DNS Report revealed that the majority (96%) of public sector organizations have fallen victim to a DNS attack in the last 12 months with 33 percent of organizations facing an average of 20 attacks.

The research also showed that 24 percent of UK public sector organizations had intellectual property stolen as a direct impact of DNS attacks.

Businesses have already learned how valuable their data and it is about time that universities and other public sector organizations do so as well.

EfficientIP's CEO David Williamson reached out to TechRadar Pro with his insight on BBC's findings, saying:

"It is extremely alarming to hear that university data and research, accrued by some of the brightest minds, is being stolen regularly from the institutions responsible for preserving and safeguarding it. Hackers seem to be drawn to academia for particular reasons: their networks remain open by nature, they house a large amount of sensitive data, and they host a prevalence of unsecured connected devices. With every new major attack splashed across the headlines, universities are realising that legacy network security systems are inadequate for preventing data theft, and are turning to more holistic, innovative solutions. With the number of DNS-based threats targeting organisations on the rise, the education sector will benefit from purpose-built security solutions that provide context, closing loopholes for malware to enter, and offering adaptive countermeasures to ensure apps and services are available on and off campus."

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.