The Mabna Institute, an Iranian consulting firm, has been accused of carrying out a number of attacks on universities. The attacks targeted professors by email and are reported to have compromised around 8,000 individuals, with 31TB of data estimated to be stolen.
Many are under the misconception the education sector is not in the crosshairs of cybercriminals, but in my experience it's the opposite. Universities by nature harvest intellectual property and are often at the forefront of cutting edge innovations and inventions.
Some of the most widely-used products, technologies, medical treatments and devices are ideas born within universities - let's take the nicotine patch as an example - Dr. Murray E. Jarvik, the UCLA pharmacologist showed that nicotine was the addictive factor in tobacco and invented the patch for smokers trying to quit. Had this research been in the wrong hands at the wrong time, the value of this data is difficult to place a price tag on, considering the tobacco industry has a net worth of $35.1 billion annually.
The most recent Verizon Data Breach report validates my experience, labelling 20 per cent of attacks on the sector as motivated by espionage, and, worryingly, 68 per cent of attacks being unnoticed for months.
The education sector has been slower to adopt the concept of 'when' an attack will occur rather than an 'if'. However, attacks such as this reinforce the need for a detection and response plan and the importance of safeguarding research data and monitoring users (professors) for abnormal behaviour and anomalies.
The United States has imposed sanctions on an Iranian company and 10 individuals for alleged cyberattacks, including on hundreds of universities. The Mabna Institute is accused of stealing 31 terabytes of "valuable intellectual property and data". The justice department said the firm hacked 320 universities around the world, dozens of companies and parts of the US government.