On Monday morning, TU Eindhoven released reports on the hacking incident that occurred last January, leading to a days-long disruption of education. At that time, the university took the network offline to prevent further issues.
Fox-IT, the company that investigated the attack for the university, believes the hacker was likely aiming to encrypt the systems. With so-called ransomware, hackers can lock down systems; access is regained only after paying a ransom.
Stolen passwords
According to an evaluation, the university proved resilient. However, security could be improved. The hacker accessed the network remotely using stolen usernames and passwords. Two-factor authentication (with an additional check via your mobile phone) could have prevented this.
Furthermore, the university was aware that these login details had been stolen and were available on the dark web. Affected staff and students had previously been asked to change their passwords, but some ‘changed’ their password to the same (and therefore stolen) password. “We hadn’t technically secured that properly,” chief information security officer Martin de Vries says to the university newspaper Cursor.
Little experience
The hacker likely didn’t have a lot of experience. After a few days, he attempted to disable the backups and installed a tool that triggered alarms. He essentially kicked the door in, De Vries tells Cursor. “I expected he would want to remain under the radar for longer.”
Who is behind the hack remains unknown. Fox-IT detected traces of Cyrillic script, but that was not enough to determine the origin.
Higher education institutions are increasingly facing cyberattacks. The most well-known case is the ransomware attack on Maastricht University, during which a ransom of 200,000 euros was paid, although the university later recouped it at a profit.