Cybersecurity industry reacts to UCL email attacks

Industry leaders are weighing in following the news that University College London (UCL) faced almost 60 million malicious email attacks in the first three months of 2022, according to official figures.

The data, which was analysed by the Parliament Street think tank, revealed that a total of 58,628,604 spam, phishing, malware and edge block attacks were successfully blocked by the university between 24 December 2021 and 23 March 2022.

Edge block software, which automatically blocks email messages sent to recipients that do not exist in the Office 365 tenant, accounted for 88% of countered malicious attacks.

Spam emails made up 6,720,913 of attacks blocked, whilst phishing accounted for 408,212 attacks and malware for 53,753 attacks.

UCL stated that they only keep records for the number of blocked emails for 90 days.

The news comes amidst rising cyber fears amongst higher education institutions, with the National Cyber Security Centre (NCSC) strongly advising organisations to “follow the actionable steps in the NCSC guidance that reduce the risk of falling victim to an attack.”

Tim Sadler, CEO and co-founder of Tessian, commented:

“Education institutions are regularly targeted by cybercriminals who want to get hold of the valuable information and data they hold, such as world-leading research, intellectual property, and the personal financial details of thousands of university staff, students and alumni. Due to the people-heavy nature of the industry, and reliance on email to stay connected with one another, phishing is an easy way ‘in’ for these cybercriminals and it quickly leads to loss of data and ransomware attacks.

“In recent years, some universities have ‘paid off’ ransomware cyberattacks, and this could encourage even more to occur. Moving forward, it’s imperative that universities understand the ways in which their staff and their students could be targeted by phishing campaigns, and train them on what to look for.”

Achi Lewis, Area Vice President EMEA, Absolute Software, also commented:

“Utilising a resilient zero-trust approach to verify all users accessing important data, can help stop an attack before it happens. Whilst it is also important to have recovery policies and technologies in place to shut down or freeze infected devices to prevent an attacker accessing other areas of an organisation’s IT network.”

Andy Robertson, head of Fujitsu Cyber Security, Fujitsu UK&I said:

“Going forward, universities need to offer the same protection and guarantees to their students as big companies do to their clients and customers.

“And with employees and students working and studying in hybrid ways, meaning they regularly use their own devices and Wi-Fi, it’s critical they implement security tools such as Multi-Factor Authentication (MFA) and Conditional Access (CA) to data. These tools allow education institutions to set policies that control who can connect, where they can connect from and from what devices.”

Nelson Ody, product manager, Cyber Security at RM, adds:

“Ultimately, universities, and similar institutions must treat these attacks as if they were physical – they need to prepare for them like they do a fire drill.”

Read more: Ransomware a growing threat, says new Jisc cyber impact report

Comments are closed.