A recently concluded FBI investigation reveals the unsettling story behind a seemingly harmless email sent in 2015 to 43 researchers at the Universities of Bergen and Oslo, Norway.
Apparently sent by a German colleague, it asked them to forward a number of research papers. The researchers were asked to click on a link that led them to a webpage looking exactly like the well-known log-in page of their own university. When the researchers typed in their user names and passwords, the credentials were stolen by cyber criminals. Now, more than 3 years later, the investigation shows that the attack originated from Iran and was part of a global raid hitting 144 universities in the US and 176 universities in 21 other countries, with the purpose of downloading research papers and selling them at a profit.
The incident is one of many, and it shows that research & education is as much a cybercrime target as any other part of society. And the need for fighting cybercrime is increasing. Experts predict that while digital tools and connectivity are becoming a more and more integral part of modern life, cybercrime is evolving as well, and with it the potential damage it can do to not only individuals, organizations or companies, but also to a nation’s vital infrastructures of communication, transportation, energy and water supply, etc.
Luckily, one of the researchers receiving the email got suspicious and reported it to the university’s response team, enabling the team to locate the other recipients and issue a warning to them. The incident was also reported to the Norwegian R&E network Uninett and to the national cyber security organization NorCERT.
NRENs protecting the sector
Research & Education networks play an important part in protecting universities and research facilities from phishing attempts, DDoS attacks, ransomware, and much more.
That goes for Norway as well, and Uninett has launched a number of initiatives to strengthen cyber security in the research and education sector, among them conducting crisis management workshops and assisting universities and research institutes in establishing their own Incident Response Teams. Central to all this is Uninett CERT, the incident response team for the Norwegian research and education sector. Uninett CERT continuously works to prevent, discover and handle cyber incidents in the Norwegian R&E community. Prevention includes e.g. threat assessment, analysing vulnerabilities, and monitoring network traffic.
When it comes to cyber security, cooperation is crucial, and Uninett CERT collaborates and shares sensitive information about security threats with local response teams in the R&E sector, with the national cyber security organization NorCERT and with FIRST, the international cooperation of security teams.
New joint initiative
Recently, the Norwegian government asked Uninett to lead a joint initiative to further strengthen cyber security in the R&E sector. One of the goals is to establish a technical platform for analysing security threats. The huge amount of data to be analysed calls for automated solutions involving e.g. machine learning to stay ahead of threats. There are also plans to develop tools that can detect an attack in one part of the sector and then prevent it from spreading to other parts. Coordination and collaboration are key, with close cooperation between national response teams in the R&E sector. Among other things, the large response teams at Uninett and at the University of Oslo and the Norwegian University for Science and Technology will assist smaller universities with lesser capabilities in threat prevention and handling.
According to the University of Oslo, specific phishing attempts targeted at researchers like the one mentioned above are occurring approx. once a week.
The new cyber security initiative in the Norwegian R&E sector is part of a nationwide initiative to defend the country’s e-infrastructure, with similar initiatives being launched in the energy, telecom and health sectors.