Learning From Recent Attacks at U.S. Campuses
by David Maxwell, CISO & Director of the Information Security Practice at Columbia Advisory Group
Spearphishing campaigns are on the rise across higher education campuses. Attackers target college and university students in an attempt to steal financial aid funding and redirect these deposits to outside bank accounts. Recent FBI alerts note that such attacks increase in frequency during student aid disbursement periods.
What do these attacks look like, and what can your organization do to proactively stop a successful attack?
Using Email to Hide in Plain Sight
In February of 2018, the FBI received a notification of a campaign targeting students at a university in the southeastern United States. The students received an email requesting their login credentials for the school’s intranet, which the cyber criminal then used to access a third-party vendor managing the disbursement of financial aid.
The criminals successfully redirected direct deposit information for 21 students, stealing approximately $75,000 in total. The accounts were accessed by at least 13 identified IP addresses in the U.S.
In August of 2018, the Department of Education identified a similar attack targeting multiple higher education institutions. This time, the cyber criminals sent students an email inviting them to view and confirm their updated billing statements by logging into the school’s student portal. This information was then used to successfully change the direct deposit destinations to the cyber criminals’ bank accounts.
Choosing Their Targets
The nature of these spearphishing emails indicates thorough reconnaissance of the target institutions. The criminals were able to gain an understanding of the school’s use of student portals and third-party vendors for processing student loan payment information.
How You Can Protect Your Students
We believe in the importance of being prepared. Implementing preventative measures can help secure your systems from attacks. Schools of every size need to:
- Notify all students of phishing attempts and encourage them to be extra vigilant
- Implement two-factor authentication for access to sensitive systems and information
- Monitor student login attempts from unusual IP addresses and other anomalous activity
- Educate students on appropriate preventative and reactive actions to known criminal schemes and social engineering threats
- Apply extra scrutiny to emails with links or attachments directed toward students
- Apply extra scrutiny to student-initiated requests to update or change direct deposit bank information
- Direct students to forward any suspicious requests for personal information to the IT or security department
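An added example (not from the original article or its author) of the login monitoring and direct deposit scrutiny recommended in the list above: it holds a direct deposit change for manual verification when it comes from an IP address that is new for that student or that has already changed another student's account. The log layout, event names and one-day window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): ISO time, student id, event, source IP.
# The field layout and event names are assumptions for this example.
SAMPLE_LOG = """\
2018-08-01T09:00:00 s1001 login 198.51.100.10
2018-08-10T09:05:00 s1001 login 198.51.100.10
2018-08-12T14:00:00 s1001 deposit_change 198.51.100.10
2018-08-02T08:30:00 s1002 login 198.51.100.22
2018-08-20T03:10:00 s1002 login 203.0.113.77
2018-08-20T03:12:00 s1002 deposit_change 203.0.113.77
2018-08-03T10:00:00 s1003 login 198.51.100.35
2018-08-20T03:40:00 s1003 login 203.0.113.77
2018-08-20T03:41:00 s1003 deposit_change 203.0.113.77
"""

def parse(log_text):
    """Return (time, student, event, ip) tuples sorted by time."""
    rows = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the monitor
        ts, student, event, ip = parts
        rows.append((datetime.fromisoformat(ts), student, event, ip))
    return sorted(rows)

def review_queue(log_text, new_ip_window=timedelta(days=1)):
    """Return deposit changes to hold for manual verification, with reasons."""
    first_seen = defaultdict(dict)  # student -> {ip: first time seen}
    changers = defaultdict(set)     # ip -> students whose deposit info it changed
    held = []
    for ts, student, event, ip in parse(log_text):
        first = first_seen[student].setdefault(ip, ts)
        if event != "deposit_change":
            continue
        changers[ip].add(student)
        reasons = []
        if ts - first < new_ip_window:  # IP has little or no history for this student
            reasons.append("new_ip_for_student")
        if len(changers[ip]) > 1:       # same IP has edited several accounts
            reasons.append("ip_changed_multiple_accounts")
        if reasons:
            held.append((student, ip, reasons))
    return held
```

A held change would be confirmed with the student through a channel other than the email or portal session that requested it.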
Combating spearphishing campaigns requires diligence. This includes keeping up to date on mitigation strategies against spearphishing and network infrastructure targeting. For guidelines, check out the recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity and Communications Integration Center (NCCIC).
About the Author
David Maxwell is the Chief Information Security Officer & Director of the Information Security Practice at Columbia Advisory Group. He is responsible for overseeing and managing CAG’s cybersecurity and cyber threat assessment team and provides strategic leadership, performance management, and program support.