2014-2016 Hackers became smarter, Higher Education cyber attacks are more specific

This year was no exception when talking about espionage attacks on universities. Breaches exposed data amounting to several hundreds of records and methods became more sophisticated and aggressive. Among them, the following ones can be mentioned. 

At the beginning of 2014, the University of Maryland suffered a data breach that exposed records of 309,079 people dating back to 1998. The president of the university community Wallace D. Loh noted that the main question was how the attacker managed to bypass the sophisticated, multi-layered security defenses. The authorities of the university commented that the attackers must have had a good comprehension of the hacked system’s structure, the level of encryption and the database protection. Brian Voss, vice president and chief information officer at the University of Maryland, noted that the incident did not resemble typical attacks in which someone left the door open giving a malefactor an opportunity to get the access to the system. As Voss commented, hackers picked through several locks to get to this data. 

Another side of technique sophistication was reflected in the attention of attackers to financial systems that were considered another soft spot. The case of University California Berkeley illustrates that detecting a vulnerability is not always enough as sometimes it can be already too late. As soon as a loophole in Berkeley Financial System was detected in November 2015, the campus started the security fix implementation. The BFS is a software application the campus uses for financial management, including purchasing and the majority of non-salary payments. Still, since the patch installation on the system took about two weeks, the hackers had enough time to discover a security flaw and use it to access the system. University officials informed around 80,000 people about an incident. The attack could poetically cause huge losses as BFS contained the data of some 50 percent of current students and 65 percent of employees. 

Sometimes, the malefactors do not try to hide and disclose the attack themselves. Metropolitan State University learned about a breach on servers of the university from the blog post where someone had bragged about hacking into the website. The attacker seemed to be an Australian teenager claiming to have attacked Metro State’s website as well as about 75 others. The authorities made a decision to switch the website to another server in order to prevent further attacks. 

The notable feature of this time period is a sharp increase in attacks number. According to the statistic provided by Verizon’s annual Data Breach Investigations Report, the frequency of security breaches affecting universities multiplied almost ten times.