Education remains a target for cyberattacks says Microsoft

A recent report by Microsoft has identified the education sector as the third most targeted industry for cyberattacks in the second quarter of 2024.

The findings of Microsoft's Cyber Signals report align with trends observed in Australia where education ranks high in "category 3 incidents," which include compromised networks, data breaches, ransomware, and phishing, as outlined in the ASD Cyber Threat Report 2022-2023.

According to the report, heavy reliance on QR codes poses significant phishing risks, as attackers often utilise these codes to access systems and data. Over the past year, Microsoft Defender for Office 365 blocked over 15,000 emails per day from targeting the education sector with malicious QR codes.

Other cyber threats highlighted include the highly sensitive data and intellectual property held by universities, which makes them attractive targets for threat actors. Compromised accounts of university employees are often used as springboards for further campaigns against government and industry targets.

Mark Anderson, National Security Officer for Microsoft ANZ, stated, "Education is often referred to as an 'industry of industries', as it faces a compounded mix of threats we see across other sectors. It is easy to understand why. Educational institutions handle a range of data in a complex infrastructure that includes a diversity of users and devices as well as a blend of modern and legacy IT systems. This complexity, combined with the high value and sensitivity of the IP within these systems, naturally attracts attention from attackers with different motives and skill levels."

He added, "In Australia, the situation is no different, especially when we look at the strength of our universities and R&D ecosystem. The sector is consistently ranking among the most targeted for cyberattacks and data breaches. There is a pressing need for educational organisations to prioritise core cyber hygiene practices, streamline technology infrastructures and raise security awareness within their communities. Threat protection solutions, from the most advanced to simple practices like multifactor authentication are no longer optional – they are essential components of a resilient cybersecurity strategy. By fortifying our educational institutions, we protect the innovation and academic excellence that drive our nation forward."

The report underscores cybersecurity challenges for educational institutions, which include issues arising from security staffing shortages and the use of a mix of personal and institutional devices, particularly in the United States.

A United Kingdom survey reported that 43% of higher education institutions experience a breach or cyberattack at least weekly, showing that cyber threats are a significant concern beyond the United States.

QR code phishing poses a substantial risk, with QR codes being prevalent in various educational communications, making them a potential vector for cyberattacks.

Microsoft's telemetry indicates enhanced security measures have notably reduced the efficacy of QR code phishing attacks, from approximately 3 million phishing emails in December 2023 to 179,000 by March 2024.

The report also highlights adversarial activities from nation-state actors and criminal groups targeting the education sector to access intellectual property and high-level connections. Noted actors include Peach Sandstorm, Mint Sandstorm, Mabna Institute, Emerald Sleet, Moonstone Sleet, and Storm-1877, each targeting different aspects or entities within the education field.

The document emphasises the need for educational institutions to adhere to basic cybersecurity hygiene and increase awareness among students, faculty, and staff about security risks and protective measures, such as multifactor authentication.