sb-nz logo
Story image

UK university targeted by one million malicious email attacks

The Open University in London has been bombarded by more than 1.1 million malicious email attacks over the past nine months, from January 2020 to September 2020. 

That is according to official data obtained by a Parliament Street think tank via a Freedom of Information act request.

All malicious messages, which included spam, malware and phishing attacks, were blocked by the university’s servers.

In its response to Parliament Street researchers, The Open University revealed that the malicious email attacks were divided equally over the course of the examined nine month period, with roughly 132,368 email attacks and spam messages blocked each month.

The data also revealed that 6,804 messages were blocked due to suspicion of malware and 16,452 phishing emails were detected and blocked.

The Open University is a higher education institution which specialises in distance learning courses, flexible part-time study and open learning for undergraduate and postgraduate courses and qualifications, for adults of all ages.

“The nature of the Open University, and the fact that a majority of its courses take place online, means cyber attackers will inevitably attempt to target the abundance of data stored in its servers, hence the significant quantity of scam attacks facing the institution," says Chris Ross, SVP Sales, International for Barracuda Networks.

“To add to this, our recent research revealed that spear-phishing attacks are disproportionately targeting educational institutions across the world, with over 3.5 million phishing emails hitting over 1,000 global schools and Universities from June through to September of this year," he says.

“Whilst it is certainly a good thing that the Open University has, so far, managed to successfully protect itself from a data breach, it is important that security standards are maintained, and the right software and training is constantly updated, to keep pace with the rapidly changing cyber threat-scape," says Ross. 

"Furthermore, due to the sensitivity of information stored in its servers, education institutions must ensure that all data is backed up in a third-party, encrypted cloud backup solution, which will also enable protection from the growing trend in ransomware attacks facing Universities.”

Andy Harcup, VP Sales, Absolute Software comments, “As the second national lockdown puts more people out of work, and hinders ‘traditional’ education institutions, millions will be looking towards the Open University in an effort to boost qualifications, retrain in a new career path, or learn a new skill. 

"Therefore, unfortunately, cyber attackers will attempt to target the onslaught of new personal devices which will soon be added to the Open University’s nationwide network of devices, all of which are likely to be connected, in some way, via shared data storage points and cloud SaaS applications, for example," he says.

“Therefore, prospective students, and the Open University itself, must ensure that its devices are protected by a sophisticated endpoint security solution, which will ensure that a compromised device can still be accessed, controlled or frozen, so that breached log-in credentials or a stolen device, does not necessarily equate to a loss of data.”