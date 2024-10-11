The education sector continues to be plagued by malicious threats, with new research from Microsoft claiming nearly half (43%) of UK higher education institutions experience weekly breaches or cyberattacks.

The company's latest Cyber Signals Report claims Universities are prime targets for malware, IoT vulnerabilities, and phishing - with an average of 2,507 cyberattack attempts per week according to the report.

This makes education the third most targeted industry for attacks, behind manufacturing and consumer retail.

A high price

The report identified email systems and networks as a vulnerability for universities since they offer wide spaces for compromise. The need for constant communication both within and outside of the school networks leaves space for external user attacks.

Since higher education facilities hold sensitive information on students and staff but don’t have huge cybersecurity budgets, they have become an attractive target for threat actors who look to exfiltrate the data for ransom.

Recent research shows schools and universities are paying higher ransoms than ever before, with over two-thirds (67%) of IT leaders working in higher education reporting ending up paying more than what hackers originally asked for.

“Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay,” said Chester Wisniewski, Director at Sophos.

Microsoft’s research also uncovered nation state actors which have targeted education institutions. For example, Iranian state actors such as Peach Sandstorm and Mint Sandstorm have both been observed to use social engineering attacks.

“The types of threats that we’re seeing, the types of events that are occurring in higher education, are much more aggressive by cyber adversaries,” commented Davis McMorries, Chief Information Security Officer at Oregon State University.

In particular, around 15000 malicious QR code emails target the industry every day.