Cyber attack on leading university is just a 'first tremor' says expert

Cyber attack on leading university is just a 'first tremor' says expert EXCLUSIVE: The University of Nottingham has been rocked by a cyber attack which has seen 'a significant amount of student data' accessed, as experts say it could be just the start Cyber security experts have warned a damaging attack on the University of Nottingham could set off a chain reaction as education bosses are told to arm themselves before it's too late. Officials confirmed this week that students had been left exposed by a major breach which could disrupt their exam marking. Pupils' personal and financial data could have been accessed after hackers gained access at the end of May - potentially revealing their personal information. In an email sent to students, chief governance and risk officer Jason Carter said it was possible data had been accessed by a "well-known cyber criminal group that has previously targeted a number of other organisations". The university hauled the system offline to conduct an investigation, resulting in disruption to exam marking. The data violation into the Campus Solutions platform by a group of cyber-criminals, understood to be the ShinyHunters, was only detected by staff on Tuesday. Now experts at online security firms have detailed the impact of the attack and fear it could be just the start. Raluca Saceanu, CEO at Ireland-based Smarttech247, told The Mirror: "Most attackers don't discriminate: Nottingham is likely just the first tremor in a chain reaction of similarly affected businesses. "In this environment, trust is critical. That's only possible if all parties react swiftly and effectively to the threat; if communications are open and intelligence is shared immediately; and if security in every organisation has a human face that's clearly following best practice and protocols. Without this, every part of the supply chain remains an island. And isolated victims are much easier to pick off." Lee Sult, Chief Investigator at Binalyze, says the latest breach in a painful reminder that attackers "love the path of least resistance". He said: “If it’s all true, ShinyHunters is on a winning streak against universities. This is the latest addition to their trail of havoc in the education sector. Just recently we had the ransomware attack and settlement on education software provider Canvas which impacted countless universities and people. They’re getting what they want from their attacks. “If this is a supply chain attack. Why compromise a group of organisations separately when you can just do one and move laterally from there? It also makes it clear that nobody is exempt from being a target: if you use software, you’re in the firing line. “Initial reports suggest the attackers have stolen financial data and even National Insurance numbers. That can be used for devastating follow-on attacks should the data be shared among cybercriminal groups for scams and phishing attempts." In a statement, the university apologised to those affected for "any anxiety" caused by the attack. A University of Nottingham spokesperson said: "The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group. "We are working with the third party that maintains the platform to lead a forensic investigation. We understand that those affected will have concerns about what this means for their personal data and we will be offering advice and support to our students as we learn more. "We take the privacy and security of data that we hold seriously, and we have reported this incident to Action Fraud and the Information Commissioner’s Office. The university will continue to provide them with further information as our investigation progresses." An email sent to impacted students by the university warned them to be vigilant on "unexpected or suspicious communication", particularly requesting financial information. In the email Jason Carter, the university's chief governance and risk officer, described the breach as a "serious incident", said he was "deeply sorry" and asked affected people to change passwords. Asked what information the Campus Solutions software stored, one staff member simply replied "everything" before adding "I would like to think a good, effective organisation would notice if a major thing like this happened. You'd hope it wouldn't take 10 days to notice." The employee added that he believed the data of thousands of people had been compromised. If problems with the hacked software continued into next week this would be "hugely disruptive" to exam marking, they added. The University of Nottingham said it had contacted the Information Commissioner's Office, which investigates data breaches, and the National Crime Agency said it was aware of the breach. “We are aware of an incident affecting the University of Nottingham and are working alongside partners to better understand the impact,” a NCA spokesperson said.