UNB successfully defends against massive increase in cyber attacks

There's been a dramatic increase in cyberattacks on the University of New Brunswick recently, according to David Shipley, the university'sdirector of strategic initiatives for information technology services.

So-called brute force remote intrusion attacksrecently hit a new all-time high of 185 million in oneweek.

The digital equivalent of "shaking locks and checking for open doors and windows," according toShipley, the number of attacks has increased from an average of one million a week to 51-85 million a week over the four years he's been on the job.

In a brute force intrusion attack,cybercriminalsuse automated programs to "literally try to connect to every device on campus through different ports, or connection types," saidShipley.

Universities, hospitals, and other large institutionsare attractive targets for criminals since they store large amounts of personally identifiable information.Once collected, some data "can be sold on the black market for $10 to $15 per entry," saidShipley.

He says the valuable, patented research conducted at higher learning centres can also be sold for much more sometimes,millions of dollars.

Any lazy criminal can do it

The barrier to entry is low when it comes to trying one's hand at exploiting vulnerable computer systems.

"Anyone in the world now can go and download these tools and commit crimes," saidShipley.

More organizations are experiencing the fallout firsthand. Earlier this summer the Saint John Development Corporation said itlost valuable data to aransomwareattack on office laptops. Recently, the University of Calgary paid $20,000 toscammersafter aransomwareattack on its computer systems.

Recently, the UNB Faculty of Forestrywas hit withransomware, but "fortunately we were able to restore them," Shipleysaid.

Criminals tend to cast their net wide, hitting myriad devices to see what valuable information they can dredge up.

Unfortunately for institutions, international law tends to tag behind the tech used byscammers. Only a "tiny percentage" ofcybercrimesare reported,Shipleysaid, and and even fewer are caught, since most scams tend to cross international borders.

• Saint John Development Corporation finds cyber attack damage
• University of Calgary paid $20K in ransomware attack

Fewer attacks effective

Fortunately for large institutions, most of the attacks aren't particularly effective.

UNB has successfully developed a four point strategy that includes "a new IT security policy, data governance plan, prevention strategy, and cyber security awareness program for faculty and staff," Shipley said.

It's "social engineering scams"those that manipulate individualsusingemail, phone, and textthat people really need to watch out for.

Investing in firewalls, first-rate backup strategies, and other tools to deal with the attacks, as well as the increased internet traffic they generate, are an unfortunatecost of doing business within the "broader trend in cybercrime,"Shipleysaid.

Still, he said, the remote intrusion and brute force attack numbers are "a canary in the coal mine. [They] show just how out-of-control cybercrime and cyberattacks are getting."