PETALING JAYA: Higher education institutions (HEIs), which moved their learning and tasks online since the Covid-19 pandemic, have come under cyberattack threats.
These institutions, which deal with large amounts of valuable and sensitive personal data, have become targets of cyber-criminals, espionage, and hacktivists for ransomware attacks, said Malaysian Association of Private Colleges and Universities president Datuk Parmjit Singh.
“Since the start of the pandemic early last year, HEIs faced significantly greater exposure to cybersecurity attacks because we had to quickly pivot to online learning with most of our workforce functioning remotely.
“All our services, systems, data and content had to be digitalised and moved to a cloud,” he told Sunday Star.
Parmjit, who is also Asia Pacific University CEO, said the varsity’s Network Intrusion Monitoring System recorded a rise of over 50% in cyber attacks – including ransomware – as compared to the pre-pandemic period.
“The most recent ransomware called Spook was detected on Nov 15,” he said, adding that that one attack involved phishing emails asking the recipient to fill up a form on a website in order to be rewarded with an online shopping voucher.
“When our security specialists performed a detailed investigation, they found that the website had been compromised and was hosting malware disguised as a PDF file.
“Once someone clicks on the icon, the malware will download and execute a ransomware code to encrypt the victim’s data and drop a ransom note into the person’s desktop folder,” he said.
In the case of Universiti Sains Malaysia, it recorded four cases involving non-critical assets and portable disk drives, said its Centre of Knowledge, Communication, and Technology Digital Management Division Cyber Security Section head Khairil Anwar Jusoh.
USM, he said, managed to recover the data because they kept backup copies in a cloud and also restored data from previous disk images.
Cybersecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab said four out of 69 ransomware attacks from January to October this year occurred in education institutions.
“One of the primary methods that hackers use to intrude into any organisation’s system or network, other than open and unpatched system vulnerabilities, is by using targetted phishing attacks.
“For example, these hackers can impersonate students or lecturers and send emails with malicious hyperlinks disguised as homework or assignment submissions.
“These are only waiting to be clicked by someone who doesn’t check and verify the links first,” he said, warning that methods used by hackers are constantly evolving.