Ethical Hacking In 50 Universities Created Panic For Students In UK
“Mission accomplished” may be what the ethical hackers told their clients: they were legally tasked to “hack” some 50 schools in the United Kingdom, and the students themselves went to social media to complain about the “hacking”.
The unsung heroes of the cybersecurity world, the ethical hackers needed only two hours to infiltrate some unnamed universities, to the disgust of their students. The good news is that the “hacking” was done in good faith, with the full knowledge of university officials, and the hackers were paid to do it. Also known as penetration testing, it is the best method (but not the cheapest) of understanding the vulnerabilities of a computer installation or network: hacking is allowed to happen in a controlled environment in order to see which areas need improvement.
Unfortunately, university computer installations and their respective networks, including internal Wi-Fi, are among the weakest, if not the weakest, in all sectors. The ethical hackers were able to use a combination of vulnerability exploits and phishing attempts to infiltrate systems. During the penetration testing of the 50 unnamed universities, a specially crafted, persuasive spear phishing email was used to attract the attention of some staff members of the universities (only their top officials were made aware that penetration testing was happening).
The emails were designed to simulate dropper malware, a type of malicious program designed to launch other malware into the system once it gains execute privilege.
“Cyberattacks are becoming more sophisticated and prevalent and universities can't afford to stand still in the face of this constantly evolving threat. While the majority of higher education providers take this problem seriously, we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills, and investment. To avert a potentially disastrous data breach or network outage, it is critical that all university leaders know what action to take to build robust defenses,” explained Dr. John Chapman, head of the Jisc Security Operations Center, who helped with the penetration testing event.
That the ethical hacking was effective enough to send students to social media to complain means one thing: the penetration testing succeeded. It simulated a real hacking incident so well that students and staff of the universities were caught off guard, which let the ethical hackers proceed without resistance. It also raises awareness among students and staff alike of the need for a credible cybersecurity defense posture, which even universities need to have these days.
“Universities are absolutely reliant on connectivity to conduct almost all their functions, from administration and finance to teaching and research. These activities accrue huge amounts of data; this places a burden of responsibility on institutions, which must ensure the safety of online systems and the data held within them,” emphasized Prof. David Maguire, Vice-Chancellor of Greenwich University, who also chairs Jisc.
Firms, including schools and universities, need to consider conducting penetration testing of their networks and computers. This kind of activity needs to be treated as an investment rather than a cost, as there is no cost bigger than that of trying to recover from a data breach and cyber attack.