Education was the top industry globally impacted by Trojans in 2018, and cybersecurity company Malwarebytes Labs has identified this trend will continue to accelerate in 2019.
Trojans represented almost 30% of all detections on institution-owned devices. Among devices plugging into the network, Trojans represent the single largest threat category, even above generic Malware and Adware detections. Trojans use deception and social engineering to trick unsuspecting users into running seemingly benign computer programs that hide malicious ulterior motives.
Amongst Australian education organisations, 21% of compromised non-institution-owned devices carried Trojans, much higher than other western countries such as Singapore (17%), or the UK (5%).
In this first half of 2019, Emotet, Trickbot and Trace have been particularly active in the education space globally, with the three representing nearly half of all Trojans detected (44%) and more than 11% of all compromises
According to Malwarebytes, school and university networks often lack strong protection due to limited budgets and resources. As a consequence, connected devices remain a favoured point of entry for hackers, whether on institution-owned or BYOD devices, compromising systems and sensitive data.
In 2018, education was the top industry for Adware compromises, Trojan detections, and second on the list of verticals most commonly hit with ransomware. This trend continued in the first half of 2019 and is likely to continue to remain a threat for educational institutions in years to come.
Australia a prime target
In Q3 this year, Malwarebytes detected more activity across the Australian education domain (.edu.au) than the rest of the world’s education domains. In particular, August saw a growth of malware detections which could indicate the beginning of another surge into Spring.
Connected devices in hackers’ line of fire
Globally, in the first half of 2019, Trojans, Adware and Backdoors were the three largest categories of threats identified among education institutions:
Malwarebytes Labs also detected that globally the .edu domain email addresses was increasingly being used on a wide array of other networks, increasing the risk of infection and harm to both the device and the institution’s network when the device is brought back on campus.
According to Jeff Hurmuses, Area VP and MD, Asia Pacific, “The digitisation of the Australian education industry, and the rise of LMS and eLearning platforms represent fantastic opportunities for schools, universities and students. But this also means more devices, both institutional-owned and student-owned connect to the network.”
“Students use an increasing number of devices – on campus, at home and on the go – connecting endpoints to both secure and unknown networks. This increases the risks of devices being infected, putting the institution’s corporate network and the student’s personal data at a greater risk of being compromised”.
In fact, Malwarebytes found that devices plugged into the school networks (vs. school-owned devices) represented 1 in 3 compromises detected in H1 2019.
According to Malwarebytes Labs, schools and universities across Australia need to brace themselves for a continuing onslaught of cyberattacks.
“Cybercriminals are opportunistic: the more devices connected to an education institution’s network, the more data that is generated and therefore the more tempting the attack”, explains Hurmuses.
“The Australian education sector often puts cybersecurity as a secondary item on their list of priorities, mostly due to limited budgets, lack of internal cybersecurity skills and outdated infrastructure. However, institutions need to understand that protecting endpoints is of utmost importance. It is paramount to prioritise investments in appropriate device protection solutions, and collaborate with students and their parents to raise awareness about basic endpoint cybersecurity hygiene.”
Image by Jonathan Lin flicr cc Attribution License