In September 2018, cybersecurity firm Secureworks discovered that academic papers on nuclear power development and cybersecurity were stolen from top British universities, including Cambridge and Oxford. The stolen information was sold online, using Whatsapp, Telegram, and certain websites in Farsi for as low as £2.
The Iranian hackers allegedly obtained access to university systems and research databases by email phishing. Students and staff from the universities received fake emails prompting them to reset their passwords to access their academic research databases. The hackers used the credentials entered by unsuspecting users to log on to the academic databases and download the data.
Customers who were interested in purchasing research material on specific topics were instructed to send an encrypted message to a phone number using apps such as WhatsApp and Telegram containing the title of the paper they’d like to purchase. Once they made the payment, a copy of the stolen paper was emailed to them.
Six months prior, the US Department of Justice and UK’s National Cyber Security Centre revealed that Iranian hackers were targeting universities around the world. In spite of previous warnings, many universities appear not to have done much to prevent this kind of confidential data leak. To prevent further attacks and beef up security, Secureworks advises all universities to implement multi-factor authentication and set complex password requirements for accessing their online library database.
Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.
ManageEngine Log360 can locate suspicious emails in your organization with the help of preconfigured reports based on:
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.