British Universities Vulnerable To Credentials Fraud

 A leading cyber security solutions company, Crossword, has published its analysis of online criminal markets detected by its Trillion risk monitoring platform, which concludes that UK universities are at high risk of major cyber security incidents launched using stolen credentials.  

The Trillion team discovered 2.2 million breached credentials available on the dark web for the top 100 British institutions, with 57% belonging to the 24 Russell Group Universities.

With over 2.41m staff and students at UK universities in the 21/22 academic year studying for degrees, including 679,000 students from outside the UK, the potential reach and impact of a breach is serious, placing personal information at risk and disrupting the studies of millions that have chosen the UK as the place to invest for their future.  

Research Facilities In The Crosshairs

The UK university sector is renowned for the quality of its research facilities, driving innovation across many sectors including healthcare and technology, as well as government funded programmes of national importance such as nuclear energy and defence. In particular, Crossword found that 54% of the breached credentials came from UK universities with research facilities.

Location & Size

The location and size of universities has an impact on the extent to which credentials have been breached, with London substantially at more risk, with 506,330 (20%) credentials breached, followed by the South East (334,251 – 13%) and Scotland (306,873 – 12%). Other key findings related to size and location include:

  • Top 30 universities are up to 50% more likely to have breached credentials than any other institution in the remaining top 100
  • London universities have more breached credentials (506,330) than Scotland, Wales and Northern Ireland combined (465,767)
  • Largest segment of breached credentials by university student population: 

o    More than 30,000 students - 38% had 20,000-30,000 breached credentials
o    20,000-30,000 students – 39% had 10,000-20,000 breached credentials
o    10,000-20,000 students – 38% had 10,000-20,000 breached credentials
o    5,000-10,000 students – 29% had 2,000-4,000 breached credentials.  

 These environments are amongst the most uniquely challenging to protect with overlapping requirements for secrecy and openness, so many attack paths need to be factored. Crossword's advice for all organisations, not just the education sector, is to include the proactive monitoring for stolen credentials, and a requirement for multi-factor authentication.

  • Use Two Factor Authentication (2FA) on user accounts - Using 2FA on internal systems is a good start. But this does not always protect you when working with external partners, such as law firms, expense portals etc, as their systems may not require it. So you should always remain vigilant.
  • Does single sign-on (SSO) protect us? Not really. If an attacker can obtain a valid password for your SSO application then they can use it for wider access. If they can access your email account then they can probably request password resets, which they can then carry out.
  • Resetting passwords is only a temporary fix - The problem goes away until one of your new passwords is leaked again by another site you are using. So you need to maintain an ongoing process of protection.
  • Have a policy that enforces complex passwords - The NCSC website has good guidance on choosing secure passwords. But remember your passwords still need to be unique for each website. And even a complex password, if it’s stolen from a 3rd party, can still be used against you.
  • Use a 3rd party tool to monitor for breaches – These tools can automatically monitor and track stolen credentials, alerting organisations and users to a breach.  Trillion also applies proprietary risk scoring algorithms to rapidly alert organisations to the presence of their user credentials on the Dark Web.

Commenting on the findings, Stuart Jubb, Group Managing Director at Crossword said: “UK universities and research facilities are among the most respected in the world, and protecting that reputation includes protecting the students, staff and information that is shared with them for research projects by government, the public and private sector, through effective cyber security practices.

You Might Also Read: 

Manchester University Hacked:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Email Impersonation Attacks Reach All-Time High
Twenty Million Scam Emails Reported In Britain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

Akin Gump Strauss Hauer & Feld

Akin Gump Strauss Hauer & Feld

Akin is a leading global law firm providing innovative legal services and business solutions to individuals and institutions. Practice areas include Cybersecurity, Privacy and Data Protection.

Canadian Centre for Cyber Security (CCCS)

Canadian Centre for Cyber Security (CCCS)

The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure, the private sector and the public.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

Venable

Venable

Venable is an American Lawyer 100 law firm with nine offices across the USA, Practice areas include Cybersecurity.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

IberLayer

IberLayer

IberLayer is the company behind the Email Guardian service, a cloud based Email Total Protection system that filters and blocks email threats.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Imprivata

Imprivata

Imprivata is the digital identity company for life- and mission-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.

InQuest

InQuest

InQuest specialize in providing comprehensive network-based security solutions that empower organizations to protect their most critical assets: their people.