King’s College has warned staff and students that a brute-force attack on the 9th of April may have compromised password systems.
Admins were first made aware after several of the University’s users reported issues when accessing their email accounts. In a memo to users, released shortly afterwards by the network administrators, it was theorised that accounts were “about to be compromised”, suggesting that a brute-force attack was in progress. The administrators then revealed that the passwords had been changed not as a result of the attack itself, but by IT in response to it. The full memo reads:
“Some of you may have recently experienced difficulties in accessing your email account or been notified by IT that your password has changed. This is because our technical teams in IT have made changes to some accounts at King's that we suspected may be about to be compromised. Our security teams have been taking steps to protect King's accounts over recent days after detecting some malicious activity.”
The attack seemingly targeted Office 365-connected systems and is reported to have originated from China, a worrying revelation after numerous reports that Chinese hackers were specifically targeting universities for military research secrets.
At the time of writing, no data loss or theft has been officially reported, so students are presumed safe following the quick-thinking response of the admins.
This breach comes hot on the heels of an eye-opening study by the Joint Information Systems Committee (JISC). In early April, the higher education support company orchestrated an ethical hack, using spear-phishing tactics on 50 universities as part of a ‘penetration testing’ service. The result? A 100% success rate when breaching the high-profile data of each. Yikes.
As always, when administering logins to users, we can’t stress enough the importance of security features such as Two-Factor Authentication, SaaS Protection and Standard Remote Working Environments Policies in avoiding mishaps such as these.