Aug 26 2020

Why Higher Ed Should Prepare for Uncommon Malware Attacks

As cybercriminals take advantage of new attack opportunities in the remote work landscape, schools must be prepared to handle malware from unexpected vectors.

As post-secondary schools navigate the new normal, data security is more critical than ever. With most colleges and universities opting for online instruction models such as blended learning, hackers see more opportunities to attack.

Cybercriminals “have been more successful than, maybe, in the past,” Michael Duff, Stanford University’s CISO, said at a Proofpoint virtual education roundtable in August. “This is one of the greatest disruptions the country has ever seen. On top of that, we have this visual medium where they can reach everyone and play on their fears.”

IT teams already have all the common malware formats on their radar. Phishing and ransomware, for example, remain a critical problem for many institutions. And IT teams are working aggressively to safeguard schools against these attacks. But higher education could also benefit from taking note of less common cybersecurity threats that are on the rise in other industries.

From steganography attacks — where hackers embed malicious code into seemingly innocuous images — to pandemic-themed profiteering efforts, it is not enough for higher education to only defend against the familiar threats. Schools must now find ways to anticipate emerging malware manifestations.

Beware of Stegosploit, an Uncommon but Dangerous Threat

Consider uncommon steganographic attacks such as Stegosploit, which is now targeting industrial firms. This malware modification made a name for itself three years ago before vanishing into the electronic ether. And it’s catching cybersecurity departments by surprise with a comeback.

While the name Stegosploit may sound like a dinosaur, it’s actually a type of malware that uses doctored images to do its work. Malicious code is embedded in an image file, such as a .JPG, and attached in an email. When the file is opened, the malware executes and can bypass existing security controls. For attackers, the benefit of hiding in plain sight is that many spam filters will not catch the modified image code, allowing it to easily slip through post-secondary security networks.

It is precisely the fact that steganographic attacks do not happen often that makes them dangerous. Schools are simply not on the lookout for this type of malware.

According to Brian Kelly, director of the cybersecurity program at EDUCAUSE, higher education institutions should be prepared for uncommon attacks like Stegosploit. “Colleges and universities need to be aware of and track emerging attack vectors in order to successfully block threats and protect their networks against steganography-based threats,” he says.


Simple Ways to Protect Networks from Emerging Threats

Colleges and universities are seeing more mature attacks in which foreign threats are not only stealing and reselling data but also hoping to cause political unrest.

Vince Kellen, CIO for University of California San Diego, says his school “is seeing more activity from sophisticated attackers related to state actors from China, the Middle East and Russia.”

“For the vectors coming from China, the attackers are interested in intellectual property at U.S. universities, including that related to COVID-19 research,” he says.

Kellen also speaks to the rise of fake COVID-related websites. “While these include mostly phishing campaigns in emails, we are also seeing far better fake sites that look just like the commercial website and can trick people into thinking they’re visiting a safe site,” he says.

For his part, Kelly offers five recommendations to prevent advanced phishing attacks and other emerging threats, such as Stegosploit:

  • Use shared threat intelligence to stay up to date with steganographic and other emerging threats. Share threat intelligence with your peers.
  • Block known steganographic and fake COVID-themed message traffic.
  • Observe and test for suspected phishing and steganographically obscured malware.
  • Inspect applications and other code that might conceal malicious content.
  • Expedite and prioritize vulnerability patches, updates and policy controls.
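
One way a mail-security team could act on the "observe and test" and "inspect" recommendations for image attachments is a structural triage of JPEG files. The sketch below is an added example, not code from the article or from anyone quoted in it. It flags bytes appended after the end-of-image marker and script-like text in metadata segments. The function names, the hint list and the sample bytes are constructed for illustration, and content hidden in the pixel data itself is outside what this check can see.

```python
import re
import struct

# Text that has no business inside JPEG metadata (heuristic list, assumed for this example).
SCRIPT_HINTS = re.compile(rb"<script|<html|<iframe|javascript:", re.I)

def triage_jpeg(data: bytes) -> list[str]:
    """Return structural findings for one attachment; an empty list means nothing flagged."""
    if data[:2] != b"\xff\xd8":
        return ["not a JPEG: missing SOI marker"]
    findings, pos, eoi_end = [], 2, None
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            findings.append(f"malformed segment at offset {pos}")
            break
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        payload = data[pos + 4:pos + 2 + length]
        # COM (0xFE) and APPn (0xE0-0xEF) segments carry free-form metadata.
        if (marker == 0xFE or 0xE0 <= marker <= 0xEF) and SCRIPT_HINTS.search(payload):
            findings.append(f"script-like text in metadata segment 0x{marker:02X}")
        pos += 2 + length
        if marker == 0xDA:  # start of scan: compressed data runs up to the EOI marker
            end = data.find(b"\xff\xd9", pos)
            eoi_end = end + 2 if end != -1 else None
            break
    if eoi_end is None:
        findings.append("no EOI marker found after image data")
    elif len(data) > eoi_end:
        findings.append(f"{len(data) - eoi_end} bytes appended after EOI")
    return findings

def seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment (used only for the constructed samples)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: structurally valid JPEG skeletons, not decodable pictures.
BODY = seg(0xE0, b"JFIF\x00" + bytes(9)) + seg(0xDA, bytes(6)) + b"\x12\x34\x56\xff\xd9"
CLEAN = b"\xff\xd8" + BODY
TRAILING = CLEAN + b"CONSTRUCTED-TRAILER"
COMMENTED = b"\xff\xd8" + seg(0xFE, b"<script>constructed</script>") + BODY

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN), ("trailing", TRAILING), ("commented", COMMENTED)]:
        print(name, triage_jpeg(sample))
```

A finding here is a reason to quarantine and look closer, not a verdict; some legitimate tools also append data to image files.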


How to Address the COVID-19 Attention Deficit

Kellen highlights the biggest problem with evolving attack vectors: a decrease in attention. “Since everyone is thinking about COVID nearly all the time now, attackers are taking advantage of that shift in attention,” he says. As teams focus on mainstream attacks, those on the fringes have unprecedented opportunities to find potential weak points.

But there are simple solutions to this. Kellen notes the steps required for effective IT security “are well-known and well-documented for both less common and the most common forms of attack.”

The most important techniques usually include multifactor authentication, quick patching, modern password practices and monitoring networks and systems for suspicious activity. “Using tools to potentially identify phishing and stop it are the most important techniques we have to protect us,” Kellen says.

Kellen also makes it clear that the challenge here is behavioral discipline. As a result, post-secondary schools must deploy a combination of technical controls and regular training to ensure both ends of the IT spectrum — people and processes — are protected from common and uncommon attacks.

Colleges and universities remain popular targets for malicious actors. Whether this means facing common threats such as ransomware, COVID-19-themed phishing attacks or less common image exploits, post-secondary schools must prioritize a big-picture approach that delivers both solid behavioral education and sophisticated network protections.
