Wednesday, February 15th, 2023
Irish universities must review cybersecurity after MTU data leak
Ireland, February 14 –
A cybersecurity expert has advised third-level colleges in Ireland to “urgently” review their protocols following a ransomware attack at an Irish university.
It is understood a large amount of staff and student data, including financial and medical details have been uploaded to the dark web by hackers who demanded a ransom from Munster Technological University (MTU) last week.
The chief executive officer of Smarttech247 Raluca Saceanu said an awareness of cybersecurity basics can be a “crucial” preventative step.
Higher Education Minister Simon Harris reiterated the support being offered by the authorities to MTU, where classes resumed yesterday following a closure of services last week.
Staff and students at MTU have been urged to be vigilant following the attack.
They were notified by the university on Sunday evening that its data had been copied and shared on the dark web. It is understood a large amount of staff and student data, including financial and medical details have been put on the dark web by the hackers.
MTU had previously revealed it was being blackmailed and held to ransom by a group of hackers, believed to be based either in Russia or part of the former Soviet Union, the High Court heard last week.
The cyberattack on MTU’s IT system, detected in recent days, is believed to have been carried out by individuals in a ransomware group known as ALPHV, BlackCat or Noberus, the court heard.
MTU had claimed those suspected of carrying out the attack are understood to be made up of former members of the ‘REvil’ ransomware group, which in 2022 attacked a supplier of Apple and was based in Russia.
The college secured an interim injunction from the High Court, in response to the incident, as an attempt to “mitigate” the data breach and to “prevent the sale, publication, sharing, possession, or any other use of any data illegally obtained from MTU systems in the course of this ransomware incident.”
Smarttech247 is behind the cybersecurity conference Zero Day Con, and Ms Saceanu said the disruption caused to students and staff at MTU is a “nightmare scenario” for any organisation.
“Finding yourself at the centre of an attack by ruthless bad actors can have a devastating effect on your business so without a doubt, prevention is better than cure,” she said.
“While investigations into how this incident unfolded are continuing, we strongly advise third-level institutions all over the country to act now and review the measures they have in place that could be key to stopping something similar happening to them.”
Ms Saceanu outlined some “golden rules” for an organisation’s protection, which she said must be prioritised in any review.
Organisations should implement firewalls, intrusion detection systems, and secure routers to prevent unauthorised access to the university’s network.
They should also implement “event monitoring capabilities” to ensure that should an intrusion occur, a security team can act fast and respond to the incident accordingly.
Institutions must ensure that sensitive data such as student records, research data, and financial information is encrypted “both in transit and at rest”.
They should also implement “strong authentication methods” such as two-factor authentication and regularly monitor user access to sensitive systems and data as well as implementing anti-virus and anti-malware software to prevent malicious attacks.