Seven Australian universities hit by hackers in search of intellectual property

August 30, 2018

Universities and institutes of higher learning hold enormous amounts of intellectual property that is valued by foreign governments or by those wanting to obtain financial advantage without the effort. They are prime targets for cyber attacks, as are law firms, which often hold data relating to intellectual property claims or litigation.

In March 2018 the United States filed indictments against Iranian Revolutionary Guards for hacking computers of 7,998 professors at 320 computers involving 144 universities as well as other institutions over the last 5 years. In early July 2018 the Guardian reported that the Australian National University was hit by Chinese hackers, as did the Australian.

This week ARN reports, in Seven Australian universities targeted in global hacking campaign, that 7 Australian universities were attacked as part of a global action targeting researchers. It seems that spoofing was part of the way in which the hackers obtained credentials to access the universities' intranets.

The ARN article provides:

At least seven Australian universities have been attacked by cyber criminals in a global action targeting researchers.

The attack was discovered by Secureworks’ Counter Threat Unit (CTU), which said it is similar to previous cyber operations by Cobalt Dickens — a threat group associated with the Iranian Government.

Secureworks, which is part of the Dell Technologies group, first found a URL spoofing a login page for one university.

Further research into the IP address hosting the spoofed page revealed a broader campaign created to steal credentials, specifically those of students and professors conducting research.

Sixteen domains contained more than 300 spoofed websites and login pages for 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.

Users would be directed to the legitimate website after entering their credentials into the fake login page.

“Numerous spoofed domains referenced the targeted universities’ online library systems, indicating the threat actors’ intent to gain access to these resources,” Secureworks stated in a blog post.

“CTU researchers were unable to confirm functionality of all identified spoofed pages because some of the domains were not accessible at the time of analysis.

“Many of the domains were registered between May and August 2018, with the most recent being registered on August 19. Domain registrations indicate the infrastructure to support this campaign was still being created when CTU researchers discovered the activity.”

According to Secureworks, universities make attractive targets for those interested in accessing intellectual property.

“Universities are known to develop cutting-edge research and can attract global researchers and students,” Secureworks explained.

According to the security specialist, universities are more difficult to secure than regulated services such as healthcare or financial institutions.

In July, Chinese hackers got inside the Australian National University (ANU) systems, the ABC reported.

The systems had been compromised in 2017 and the ANU said it was working with intelligence agencies for months to minimise the impact of the threat.

“The university has been working in partnership with Australian government agencies for several months to minimise the impact of this threat, and we continue to seek and take advice from Australian government agencies,” ANU told the ABC.

On 27 August, the Australian Competition and Consumer Commission (ACCC) revealed that Australian citizens have lost $4.4 million to scammers trying to gain access to their computers so far in 2018.

ACCC’s Scamwatch website has recorded a significant spike in remote access scams with more than 8,000 reports recorded in 2018.

According to the ACCC, there was a significant increase in scams impersonating well-known brands or the police in order to steal money or banking information.
