ESET on Singapore Universities Phishing Incident

By Nick FitzGerald, Senior Research Fellow, ESET

This was a global campaign targeting universities around the world as educational institutions hold intellectual property (IP) that is attractive to cyberattackers. Depending on the motivations of the attackers, this IP may be sold for financial gain or used by a commercial or state actor to gain competitive advantage. 

These attacks against universities serve as a reminder that more cross-country collaboration is needed to stop attackers from gaining an upper hand as cyberattacks transcend national boundaries. More industries and governments should share information and best practices so that we have a more coordinated strategy when dealing with attacks on such scale.  

The use of a spearphishing attack here also reaffirms that people continue to be the weakest link.  More needs to be done to ensure all staff are regularly educated and updated about the latest cyberthreats and how to protect themselves. In addition, organisations should look to incorporate multi-factor authentication technology as an added layer of security. This would strengthen an organisation’s defence, especially against phishing attacks. A simple password can no longer be relied on as adequate protection against attackers. Whether it is biometrics, 2FA or other methods of authentication, multi-factor authentication technology is a stronger deterrent.

Phishing is arguably one of the oldest online scams in the world but still remains one of the most effective and commonly deployed by cybercriminals. These are some common signs of phishing attacks and tips for users to remain safe:

-       Peculiar domain names - Users should always place their mouse over a web link in an email to see if they are actually being sent to the right website as cybercriminals may use these ‘fake’ sites to steal login credentials.
-       Shortened URLs – Cybercriminals often mask ‘fake’ sites using URL shortening services. Be aware that there are very many more URL shorteners than the well-known few such as Bitly and TinyURL!
-       A sense of urgency – Cybercriminals know that exhortations to action at very short notice tend to switch off our critical faculties, as the ‘need to help’ takes hold, so be especially aware of messages with a sense of urgency.
-       A request for personal information – If unsure, users should make an independent check with the organisation involved.

-       Poor grammar – Spelling mistakes, typos and unusual phrasing are unlikely in official communications from a legitimate service provider.

-       Always double check when unsure – If you have the slightest doubt about the authenticity of any email, the golden rule is to always check with the relevant administrators.

For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
    Blogger Comment
    Facebook Comment