Cyber threat to disrupt start of university term
Universities and colleges are being warned by the UK's cyber-security agency that rising numbers of cyber-attacks are threatening to disrupt the start of term.
The National Cyber Security Centre has issued an alert after a recent spike in attacks on educational institutions.
These have been "ransomware" incidents which block access to computer systems.
Paul Chichester, the NCSC's director of operations, says such attacks are "reprehensible".
The return to school, college and university, already facing problems with Covid-19, now faces an increased risk from cyber-attacks, which the security agency says could "de-rail their preparations for the new term".
The cyber-security body, part of the GCHQ intelligence agency, says attacks can have a "devastating impact" and take weeks or months to put right.
Newcastle University and Northumbria have both been targeted by cyber-attacks this month, and a group of further education colleges in Yorkshire and a higher education college in Lancashire faced attacks last month.
- Newcastle University faces cyber-attack
- Northumbria University hit by cyber-attack
- UK universities in Blackbaud attack
- Leeds college group under cyber-attack
- Hackers beat university cyber-defences in two hours
- Students blamed for college cyber-attacks
The warning from the NCSC follows a spate of ransomware attacks against academic institutions - in which malicious software or "malware" is used to lock out users from their own computer systems, paralysing online services, websites and phone networks.
The security agency says this is often followed by a ransom note demanding payment for the recovery of this frozen or stolen data - sometimes with the added threat of publicly releasing sensitive information.
Universities have frequently been targets of cyber-attacks - with up to a thousand attacks per year in the UK.
Attacks can be attempts to obtain valuable research information that is commercially and politically sensitive. Universities also hold much personal data about students, staff and, in some cases, former students who might have made donations.
Earlier this summer more than 20 universities and charities in the UK, US and Canada were caught up in a ransomware cyber-attack involving a cloud computing supplier, Blackbaud.
A Freedom of Information inquiry in July, carried out by the TopLine Comms digital public relations company, found 35 UK universities, out of 105 responses, had faced ransomware attacks over the past decade. There were 25 which had not had attacks - and a further 43 which declined to answer.
One university reported 42 separate ransomware attacks since 2013.
The warning from the NCSC highlights the vulnerability of online systems for remote working, as increased numbers of staff are working from home.
"Phishing" attacks, where people are tricked into clicking on a malicious link such as in an email, also remains a common pathway for such ransomware attempts, says the advice.
Mr Chichester of the NCSC says: "The criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible."
"I would strongly urge all academic institutions to take heed of our alert."
The intervention was backed by Jisc, the body which provides internet services for UK universities and research centres.
Steve Kennett of Jisc says that after the wave of cyber-attacks on the "education and research community", institutions need to take action to reduce their risks.
Universities UK says data security has had to become a priority for higher education - and that "protections are in place to manage threats as much as possible".
The universities body also says it is working with the NCSC to produce "robust guidance on cyber-security" which will be released later this academic year.