Key Takeaways:
- Microsoft reports a significant increase in cyberattacks on educational institutions, with over 2,500 attempts per week.
- Hackers are particularly targeting higher education for intellectual property theft.
- This report urges educational administrators to bolster defenses through multifactor authentication and modern security measures.
Microsoft’s latest edition of the Cyber Signals report sheds light on the escalating cybersecurity threats facing educational institutions. It delves into the tactics, origins, and capabilities of cybercriminals targeting the sector while offering practical recommendations to help organizations strengthen their security defenses.
According to Microsoft, this report draws on telemetry data from Defender for Office 365 and 78 trillion daily security signals collected across various platforms. The company found that educational institutions are now hit with over 2,500 cyberattack attempts per week, with most of these attacks occurring in the second quarter of 2024.
QR Codes: A disguised vulnerability for phishing cyberattacks
Microsoft mentioned that educational institutions face a variety of security threats such as Internet of Things vulnerabilities, phishing campaigns, and nation-based attacks. It indicates that cybercriminals exploit Office 365 to send 15,000 malicious QR code messages daily to the education sector.
“Legitimate software tools can be used to quickly generate QR codes with embedded links to be sent in email or posted physically as part of an attack. And those images are hard for traditional email security solutions to scan, making it even more important for faculty and students to use devices and browsers with modern web defenses,” the Microsoft Threat Intelligence team explained.
Hackers have specifically targeted higher education institutions, such as universities and colleges, to steal intellectual property and access scientific research. Microsoft pointed out that universities often develop AI projects for government agencies, defense departments, and private companies, making them prime targets for cybercriminals. This has led threat actors to employ various tactics to steal sensitive information and gain unauthorized access to valuable data.
Microsoft warns that hackers could exploit compromised accounts to infiltrate government or defense-related organizations. IT administrators must implement strong cybersecurity measures to prevent such attacks on higher education institutions.
Microsoft calls for caution with QR codes and stronger security practices
To counter sophisticated attacks, Microsoft advises users to avoid opening QR codes from unknown sources and to check the URL before proceeding. Additionally, administrators should implement proactive domain name services to prevent users from accessing malicious websites.
Microsoft also recommends that administrators enforce multifactor authentication to prevent password spray attacks. They should educate students and staff on creating strong passwords and encourage the use of passwordless security measures.