Did ‘exposed’ data on dark web lead to ransomware attack on Scottish university?
Police and national cyber experts are investigating after a Scottish university – which had thousands of leaked email addresses, passwords and ‘compromised accounts’ posted on the dark web – fell victim to a ransomware attack.
The University of the Highlands and Islands (UHI) is the latest body to be targeted after hackers infiltrated systems earlier this month. Spread across 13 campuses in the north of the country, UHI closed its facilities to students and staff on March 8 as it dealt with an incident that impacted ‘key systems and services’. The hack comes three months after the devastating ransomware attack on the Scottish Environment Protection Agency (SEPA) but is not believed to be as severe.
The university said in a statement that it “did not currently believe personal data had been affected”.
However, our investigation carried out with the help of KELA, a global darknet threat intelligence firm based in Israel, revealed that UHI data has previously been posted on darknet sites, and may have been used by hackers to mount the attack.
According to its analysis, there are over 8,000 ‘leaked credentials’ – including email addresses and sometimes passwords – belonging to UHI staff and students that have been leaked or stolen and possibly traded on underground web forums. A further 100-plus ‘compromised accounts’ were also found on malicious dark web sites, including one that indicated access to Active Directory Federation Services – a software component developed by Microsoft – ‘probably related to internal systems’, according to KELA.
Victoria Kivilevich, threat intelligence analyst at KELA, stressed that the leaked credentials and compromised accounts were not necessarily connected to the ransomware attack. However, she said: “They just show what opportunities the cyber-criminals have in targeting these institutions.”
Leaked credentials are raw information belonging to individuals online, for example an email account or password, and can lead to hackers carrying out phishing attacks. A compromised account is evidence of a machine infected with information-stealing trojans such as AZORult, Vidar, Raccoon and others. These machines contain saved credentials and personal information – for example an email and password coupled with a specific link to a website login page – belonging to either employees, clients, or partners; therefore, if purchased by threat actors, they can put the organisation at “serious risk”.
In the case of universities, leaked credentials may belong not just to employees, but also to students, depending on the university’s policy of assigning emails.
In a service status update, the university produced a green, amber and red guide to what services were currently available. According to the guide, several key systems, including the MyUHI portal – a remote access platform to network drives, files and applications – were marked red, meaning they were unavailable due to the cyber incident. Other services downed by the attack included access to printing.
Kivilevich added that – unlike the attack on SEPA on Christmas Eve – there is no evidence at this point in time of any data belonging to UHI having been posted on the dark web following the ransomware attack. In SEPA’s case, data that had been extracted in the ransomware attack began to be released in stages around three weeks after the initial compromise.
UHI did not respond to our inquiry but a statement read: “We are dealing with an ongoing cyber security incident which has impacted on our key systems and services at all campuses.
“Our IT staff are working hard to minimise disruption particularly because most students and staff are currently working online due to Covid-19 restrictions. Our regional and local business continuity plans have been enacted and we are currently receiving cyber assistance from the relevant authorities including Police Scotland and the Scottish Government.”
A National Cyber Security Centre spokesman added: “We are supporting the University of Highlands and Islands partnership and working with the organisation and partners to fully understand the impact of this incident. The University says that it does not believe that personal data has been affected.
“The NCSC works closely with the academic sector to help raise awareness of the cyber threat and improve its resilience.”