British universities targeted in swathe of cyber attacks leading to IP data leaks
Hundreds of cyber attacks launched against British universities have resulted in leaks of valuable scientific, engineering, medical and defence research.
Some of the country’s top institutions have seen cyber-security breaches double in the last two years, according to data acquired under freedom of information laws by The Times.
There were more than 1,100 cyber security breaches, including unauthorised access of accounts and machines, at the University of Oxford, the University of Warwick and University College London (UCL) among others in 2016-17, the figures show.
Experts have warned that research gathered at great expense over years could be stolen by hackers and passed on to unscrupulous governments.
Carsten Maple, director of cyber-security research at Warwick and chairman of Britain’s council of professors and heads of computing, told the newspaper: “Universities drive forward a lot of the research and development in the UK.
“Intellectual property takes years of know-how and costs a lot. If someone can get that very quickly, that’s good for them.
“Certainly somebody might attack a university and then provide that information to a nation state.”
Prof Maple said attacks were advancing in nature to target institutions’ infrastructure, such as heating and ventilation, which are now often connected to the internet.
“That’s especially worrying for places like the health service,” he said.
In May, large parts of the NHS were crippled by a cyber attack that saw computers hijacked and held for ransom by malicious software.
Another form of cyber attack called “distributed denial of service” attempts to overwhelm a target machine or network with web traffic.
Queen Mary, University of London, told the newspaper it had blocked 38.75 million cyber attacks in 2016-17.
Meanwhile, the University of Oxford recorded 515 incidents of unauthorised access to its accounts or machines over the period.
UCL saw 57 successful attacks in 2016-17 and Oxford Brookes said an attack in July saw research data compromised.
The universities did not reveal what research had been affected.
Dave Palmer, director of technology at cyber security company Darktrace, told the newspaper that hackers hoped to steal cutting-edge research into advanced weaponry or energy.
Shadow Home Office minister Louise Haigh commented, “There should be no compromise on cyber security”, going on to say that in difficult financial times many public sector organisations are “being left with outdated operating systems”.
The National Cyber Security Centre (NCSC) urged organisations to ensure their online security is robust, as they “can’t do this alone”.
A spokesman told the paper: “Our Active Cyber Defence measures aim to automatically block, disrupt and neutralise malicious cyber activity before it reaches users.
“These services are helping local authorities and the NCSC is working on the ways that protection might be extended to universities.”
In July, a report analysing the potential damage of different types of cyber attack concluded that they could cost governments and businesses tens of billions of dollars, even matching the scale of Hurricane Sandy for certain types of attacks.