The UK’s Open University has been targeted with over 1 million malicious email attacks from January to September this year, according to official figures obtained by the think tank Parliament Street following a Freedom of Information (FoI) request.
The data revealed that attacks on the higher education institution, which offers flexible undergraduate and postgraduate courses for adults of all ages, was evenly spread throughout the nine-month period, averaging 132,368 attacks and spam messages per month.
Encouragingly, each one the 1,191,312 malicious emails, which included spam, malware and phishing attacks, were successfully blocked by the Open University’s servers.
Overall, 6804 messages were blocked due to suspicion of malware while 16,452 phishing emails were detected and prevented from reaching their intended targets.
Education institutions have been heavily targeted by cyber-attacks since the start of the COVID-19 crisis, with threat actors exploiting to growth in online learning methods due to social distancing measures. For instance, a study in September found that distributed denial of service (DDoS) attacks against online educational resources are over three times more prevalent in 2020 than they were last year.
Chris Ross, SVP sales, international at Barracuda Networks commented: “The nature of the Open University, and the fact that a majority of its courses take place online, means cyber-attackers will inevitably attempt to target the abundance of data stored in its servers, hence the significant quantity of scam attacks facing the institution.
“To add to this, our recent research revealed that spear-phishing attacks are disproportionately targeting educational institutions across the world, with over 3.5 million phishing emails hitting over 1,000 global schools and universities from June through to September of this year."
Ross went on to say whilst it is certainly a good thing that the Open University has, so far, managed to successfully protect itself from a data breach, it is important that security standards are maintained, and the right software and training is constantly updated, to keep pace with the rapidly changing cyber threat-scape.
"Furthermore, due to the sensitivity of information stored in its servers, education institutions must ensure that all data is backed up in a third-party, encrypted cloud backup solution, which will also enable protection from the growing trend in ransomware attacks facing universities.”