Magazín M News from MUNI

Cybersecurity is something that concerns everyone

Protect others by protecting yourself – this is how basic cybersecurity requirements could be summed up. Tomáš Plesník from the Institute of Computer Science at Masaryk University says that people should get used to incorporating cybersecurity measures into their daily routine.

1 October 2025
Ema Marušáková
Tomáš Plesník from the Institute of Computer Science at MU, whose teams take care of the university’s cybersecurity.
Photo: Erik Dudinský
From January to October last year, the university experienced around 220,000 less serious cyberattacks and an additional 2,300 serious incidents.

“The bursar wants access to this folder...” You might receive an email just like this in your inbox. I received one just like that at the beginning of the academic year. I didn't click on the link because I had no business with the bursar, and it seemed strange to me. Things got really suspicious when my colleagues asked me what they should do with an email from the bursar. So we agreed not to do anything... and we passed the test.

It was a typical example of a phishing attack: an attempt to obtain login credentials via a fraudulent email. “We carry out such tests repeatedly. Even though we continuously issue warnings about such attacks, and people are aware of what to look out for and how to behave in such situations, the educational effect of a real or simulated attack is much greater.”

At the Institute of Computer Science, Plesník is responsible for IT operations and development. He emphasises that everyone should follow the principles of safe behaviour in cyberspace without a second thought. People – not university IT services – are currently the weakest link in data protection.

Established in 2009, the CSIRT-MU is a cybersecurity team with the highest international certification. It is responsible for raising awareness of, protecting against, and responding to cyberattacks at Masaryk University. The Institute of Computer Science’s team has two components: a reactive one, which is on call every day to deal with attacks, and a proactive one, which strives to reduce the university’s exposure to digital risks on a continuous basis.  

Anyone can be valuable to an attacker

The cybersecurity team is responsible for setting rules, organising training and raising awareness of cyber risks. “People often don’t take IT security very seriously because they don’t see themselves as high-value targets and believe that attackers can’t cause much harm through them. However, attackers who exploit work and study emails and other communication channels for malicious purposes see it differently. They are interested in people’s identities and data, which they can steal and use to gain access to the university’s systems,” notes the cybersecurity expert.

So, what exactly are cybercriminals looking for? “Well, starting with what first comes to mind, it’s money – MU’s budget is over CZK 13 billion, which makes it a tempting target. However, there are other resources that may be even more appealing to attackers. For example, the university’s enormous computing capacity could be exploited for cryptocurrency mining or to launch attacks on other institutions. Then there are attacks aimed at extorting institutions by encrypting their personal, operational or research data and demanding payment to restore access.” 

700 attacks per day

Numbers show that Masaryk University’s resources attract attention. From January to October last year, the university experienced around 220,000 less serious cyberattacks, most of which could be handled by automated systems. During the same period, the CSIRT-MU security team dealt with an additional 2,300 serious incidents that required direct intervention.

The most serious include attacks by specialised groups known as Advanced Persistent Threats (APTs). “Such attacks are carefully planned over several months, when the attackers map the organisation and gather a wide range of information before attempting to penetrate its systems. Their goal is to infiltrate the organisation inconspicuously and remain undetected for as long as possible in order to exploit its resources or steal information,” explains Plesník, adding that APTs often exploit stolen identities belonging to employees, students or graduates to gain access.

The university’s security team is experienced in dealing with diverse types of attack. “We have been dealing with APT attacks trying to obtain or encrypt university data for years. We have uncovered cryptocurrency mining and, of course, we deal with classic DDoS attacks trying to overload our systems or paralyse certain services. We have also encountered the storage and distribution of inappropriate content, such as pornography. However, I must emphasise that this is not unusual. In fact, many organisations face this problem, including hospitals, government agencies and private companies.”

In addition to attracting criminals due to its significant resources, the university may also be more vulnerable. This is mainly due to the high turnover of people gaining access to MU systems, with over 10,000 new students joining every year. That is why we are also trying to raise awareness and improve the organisation of systems, so that the sensitive ones are better protected.

Don’t be afraid to admit mistakes and report problems

Everyone can contribute to better protection, not only through classic measures such as strong passwords, but also simply by reporting an attack that they have experienced themselves.

This is particularly true of incidents involving successful phishing attacks or extortion. “Extortion is very common and the attackers usually demand a ransom. I want to emphasise that the cybersecurity team is not here to judge anyone. Just tell us what’s going on and we will help you. You will only earn praise for doing so,” adds Plesník.

Any information about an attempt to penetrate MU’s cyberspace could help to reveal new tactics and methods adopted by the attackers. “The thing that worries cybersecurity experts the most is what they don’t know. Without information, we won’t know what’s happening in our systems, which types of attack have been successful and which data have already been compromised.”

How to protect yourself: basic principles of cyber hygiene

  • Use strong passwords and a password manager
  • Use multi-factor authentication
  • Enable automatic updates
  • Lock devices
  • Make backups
  • Only access the network via a VPN
  • Report suspicious messages to CSIRT-MU


Published by Masaryk University, 2005–2023. ISSN 2571-4198.