DTU has good and strong defence measures in place against cyberattacks. Large firewalls and effective spam filters keep unwanted web traffic and spam emails to a minimum, while email systems and web platforms have been moved to the cloud, where data is encrypted. And to further enhance security, two-factor authentication has been introduced, which requires a strong password and a one-time code before users can log on to DTU’s network. Together, these and other initiatives are making it more difficult for unauthorized persons to gain access to DTU’s systems and data.
However, there is still a constant need for staff and students to be actively involved in DTU’s cyber and data security according to Anders Fosgerau, Head of Section, Cyber & information security (CIS):
“Cybercrime can be compared to the coronavirus. Every time we find a vaccine which is effective against one variant, a new variant emerges which can somehow circumvent it,” says Anders Fosgerau.
Now stealing cookies
One example of how cybercriminals are constantly refining their methods is that they have started to circumvent the two-factor authentication by targeting cookies instead of passwords. A cookie is a file that is placed on your computer or other IT equipment when you visit a website.
The problem is that some of the security data and your system access is stored in a cookie. So, if the fraudsters can steal your cookie, they can actually steal your identity, and they can then abuse your access to DTU’s data.
“Users then find that malicious spyware is being uploaded onto their devices, where it hides and constantly tries to steal information. It’s one of the methods we know about from the gaming world, where gamers have had all their skins stolen in shooter video games such as Counter-Strike. Now, they’ve simply started stealing access to systems in the same way,” says Anders Fosgerau.
Thankless task
You have probably heard of ‘phishing’. Often taking place via email, it is one of the most common types of cyberattacks. The goal is usually to steal money, for example by gaining access to your online bank or selling personal data such as social security numbers or passwords. Anders Fosgerau says that cybercriminals have also started using other communication platforms such as Microsoft Teams or file-hosting services such as OneDrive to bypass a mailbox’s spam filter, which acts as a safeguard against phishing emails.
“Instead of sending fake emails, they’ve started sending chat messages, for example on Teams. You can also receive virus-infected files shared via OneDrive or Dropbox. In other words, places that you don’t normally associate with phishing,” says Anders Fosgerau.
In recent years, the Center for Cyber Security (CFCS), which monitors the cyber threat to Denmark, has assessed the threat from cybercrime and cyber espionage, including phishing, as being 'very high'. Anders Fosgerau describes the development as an arms race that is costing more and more resources while requiring increasingly advanced technology.
“Whether you’re part of cyber defence with responsibility for protecting an organization, or you’re an ordinary employee, it’s a thankless task. We must be better prepared to protect both our own and DTU’s data against unauthorized access, alteration, destruction, and theft,” says Anders Fosgerau.