The cybersecurity threat landscape in higher education is constantly evolving. According to VMware’s “Global Incident Response Threat Report,” emerging threats against APIs and containers have gained traction during the past year, as have attacks using deepfakes. Supply chain threats also have become a significant concern, and all signs say that they will get worse in the near future.
Ransomware, phishing and other threats we’ve been battling for years are still prevalent and still evolving; for example, destructive ransomware attacks have increased in part because of the war in Ukraine. Cybercriminals are constantly looking for and trying new ways of tricking people, exploiting vulnerabilities, and compromising environments so that their nefarious activities are harder to detect and to stop. This enables them to enter environments more quickly, persist longer and spread more widely.
Here are four emerging cybersecurity threats and suggestions for defending against them. Higher education institutions can expect to encounter some or all of these threats soon.
Automated Tools Like APIs Can Be Easily Compromised
Application programming interfaces are not new, but they’re increasingly used both on-premises and in the cloud so systems can automatically communicate with each other. APIs are used to conduct transactions, share information and perform other communications between automated processes.
As APIs have become more numerous and used for more valuable purposes, they’ve also become targets for attackers. Attackers are compromising APIs not only to gain unauthorized access to data, systems and services but also to spread their attacks. And because API usage is fully automated, with no humans in the loop, API compromises and misuse are more likely to go unnoticed.
Cybercriminals Launch Threats Against Virtualization Technology
Cloud-based virtualization technologies have become ubiquitous. The use of containers is increasingly popular. Each container holds an instance of a software “image” with an operating system and applications. Containers are generally meant to be replaced frequently, sometimes every few minutes. The idea is that if a container is compromised or has an operational problem, it will be destroyed shortly anyway and replaced with a new container.
Containers can help improve security by enabling patches to be deployed rapidly without disrupting operations. However, if the image used to build containers contains vulnerabilities, attackers can compromise every container built from it the same way, over and over. Attackers are also targeting the technologies that containers run on top of, such as hypervisors; a successful hypervisor compromise generally means the end for all the containers it is running.
Software Vendor Vulnerabilities Can Pose a Risk for Universities
Attackers love it when they can attack once and compromise many assets. The newest trend in these attacks focuses on the supply chain. If attackers can compromise a software vendor’s systems, they may be able to compromise the software itself before it reaches customers. Attackers then have a foothold in all those customer environments.
The same is true for open-source software projects. An attacker who can successfully introduce malicious code, backdoors or other rogue access methods into open-source code could subsequently use them to compromise higher ed institutions and other organizations.
Deepfakes Pose a Threat to Information
In the past few years, it’s become obvious that much of the information being spread through social media and other technologies is wrong or misleading. Recent improvements in artificial intelligence and graphics have enabled the next generation of disinformation in the form of “deepfake” videos. Deepfakes can look and sound completely authentic, but they’re not.
While most deepfakes have involved celebrities, others take on the personas of government officials and other leaders. Imagine if an attacker could make videos impersonating your chancellor or another well-known figure, with content completely controlled by the attacker. A single video could cause chaos by directing students to do something, or damage your institution’s reputation through obscene or inflammatory language.
Incident Response and Zero-Trust Can Help Thwart Emerging Threats
You probably already have most of the pieces you’ll need to thwart these emerging threats in place, but you’ll need to make some adjustments to your security controls and risk management strategies. Here are some recommendations for improving your practices.
Update your incident response program so it’s prepared to handle incidents involving these threats. This includes providing additional training for staff, acquiring new tools and technologies for monitoring activity (e.g., API usage), and ensuring your procedures and templates include situations like responding to a deepfake video or learning from a vendor that its software was compromised.
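As an added illustration of the API-usage monitoring recommended above (example code written for this edit, not from the article or any vendor's product), the script below parses a constructed access-log excerpt and flags an API key that is used from an unregistered source address, outside its expected paths, or receives access denials. The log format, key names, addresses and baselines are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed API-gateway access-log format:
# timestamp  key_id  source_ip  method  path  status
SAMPLE_LOG = """\
2023-05-01T09:00:01Z key-registrar 10.20.0.5 GET /v1/students/1001 200
2023-05-01T09:00:02Z key-registrar 10.20.0.5 GET /v1/students/1002 200
2023-05-01T09:00:03Z key-lms 10.20.0.9 POST /v1/grades 200
2023-05-01T09:00:04Z key-registrar 10.20.0.5 GET /v1/students/1003 200
2023-05-01T09:01:00Z key-registrar 203.0.113.77 GET /v1/students/1004 200
2023-05-01T09:01:01Z key-registrar 203.0.113.77 GET /v1/students/1005 200
2023-05-01T09:01:03Z key-registrar 203.0.113.77 DELETE /v1/students/1006 403
2023-05-01T09:01:04Z key-registrar 203.0.113.77 GET /v1/export/all 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

def parse(log_text):
    """Turn raw log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, key, ip, method, path, status = m.groups()
            events.append({"ts": ts, "key": key, "ip": ip, "method": method,
                           "path": path, "status": int(status)})
    return events

def find_anomalies(events, known_sources, allowed_paths):
    """Compare each key's calls against its registered baseline.
    known_sources: {key_id: set of source IPs}; allowed_paths: {key_id: set of path prefixes}."""
    findings = defaultdict(set)
    for e in events:
        k = e["key"]
        if e["ip"] not in known_sources.get(k, set()):
            findings[k].add("new_source:" + e["ip"])
        if not any(e["path"].startswith(p) for p in allowed_paths.get(k, set())):
            findings[k].add("unexpected_path:" + e["path"])
        if e["status"] in (401, 403):  # denials from an automated client deserve a look
            findings[k].add("denied:%s %s" % (e["method"], e["path"]))
    return {k: sorted(v) for k, v in findings.items()}

# Assumed baselines: where each key normally calls from and which paths it may touch.
BASELINE_SOURCES = {"key-registrar": {"10.20.0.5"}, "key-lms": {"10.20.0.9"}}
BASELINE_PATHS = {"key-registrar": {"/v1/students/"}, "key-lms": {"/v1/grades"}}

def run():
    return find_anomalies(parse(SAMPLE_LOG), BASELINE_SOURCES, BASELINE_PATHS)

if __name__ == "__main__":
    for key, issues in run().items():
        print(key, issues)
```

Because nobody is watching an automated client in real time, a nightly pass like this over gateway logs is often the first place a stolen or misused key shows up.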
Move toward a zero-trust architecture for your most critical administrative systems at a minimum. More broadly, require multifactor authentication for staff and faculty to the extent practical, ideally with one of the factors being hardware-based.
There’s no better place than a higher ed institution to educate your entire user community on deepfakes and other threats against information. All students, faculty and staff should be made aware of the risks of disinformation and given the critical thinking and research skills necessary to debunk the latest social media rumor or suspicious video announcement.