DTU is bombarded from the outside with spam, fraud, viruses and forged emails these days. Late summer is high season for scammers, writes the Danish security service DKCERT in its annual report on the cyber threat to Danish universities and educational institutions.
Anders Fosgerau, Head of Office, IT Service, at DTU explains that DTU is exposed to cyberattacks of various kinds on a daily basis, which in the vast majority of cases are blocked by the university’s security systems.
“We’re seeing an increase both in the volume of traffic blocked by our firewall and in the amount of spam intercepted by our filters. We’re subjected to more and more attacks, which are constantly becoming more and more sophisticated,” Anders Fosgerau elaborates.
According to an estimate from Check Point, a global provider of cybersecurity solutions, in 2022 there was an average of 2,314 attacks a week against organizations in the education and research sector. This represents an increase of more than 40 per cent since 2021.
Cyber spying and extortion
The DKCERT report names the education sector as the third most at-risk sector, after the banking, finance, and insurance sector and the telecommunications and tech sector. Cyberattacks peak in September and January in connection with the start of studies.
“We make sure that nobody can access information, research results, or personal data that we have promised to look after. And that nobody gets away with stealing or removing data, or perhaps using it for cyber espionage. Others may be out to commit fraud. We still see a lot of false invoices as well as ransomware threats and attempts at extorting money from DTU.”
These are the primary examples of possible security breaches listed by Anders Fosgerau.
Following a large-scale, targeted cyberattack against DTU in August 2022, 25,000 users of DTU’s systems had to change their passwords. The incident led to new workflows and security measures designed to raise security levels even further and protect DTU even better against future digital threats.
Tightened security
In much the same way as the recent burnings of the Koran have resulted in tighter border controls to counter the threat to Denmark, the recent cyberattack on DTU has led to tighter access control to the university’s IT systems and networks.
Previously, if you were authorized to connect to DTU’s networks or if you had a user account, you were able to relatively freely access DTU’s various networks, IT systems—or physical buildings for that matter. That is rapidly changing.
“While staff and students used to have just one key which could open all doors at DTU, now they will find more locked doors, where they will be asked to identify themselves once more—a bit like needing an extra stamp in your passport,” Anders Fosgerau elaborates.
It’s a bit like installing fire doors to minimize the damage caused by a fire erupting in a single room by preventing it from spreading to other rooms. It enables DTU to more easily identify and stop the spread of cyberattacks before they can do much harm.
“It makes life a bit more difficult for IT users at DTU. Some of the feedback we’re getting from users reads: ‘Why can’t we just carry on like before?’ But these are necessary measures that have been put in place,” emphasizes Anders Fosgerau.
He highlights an increasing need to better inform IT users about the changes and to relate to how the measures affect them.
Getting the balance right
In the DKCERT report, the tradition of openness and knowledge sharing within the research community is highlighted as a factor that is making the universities vulnerable to attacks.
The Danish Security and Intelligence Service warns in a 2022 report that:
“Denmark’s leading position in certain technological areas (...) makes Denmark an attractive target for foreign states such as China, Russia, and Iran, which through espionage, including state-financed industrial espionage, and illegal acquisitions are trying to get hold of the latest knowledge and technology.”
It is important for Anders Fosgerau to strike the right balance, ensuring that Danish universities and companies work as openly as possible—and as safely as necessary.
“We’re not going to turn into Fort Knox. After all, we need to be able to teach, and we need to let our students into our laboratories. But on the other hand, we must also be able to collaborate with Danish and international companies, which increasingly make demands on our security systems,” Anders Fosgerau states.
Firstly, DTU is part of a new NATO research centre for quantum technology. And secondly, DTU is part of a new collaboration with the Danish Defence Intelligence Service. Both collaborations call for a strong and secure defence against cyberattacks.
Huge investment
Many cyberattacks are based on hackers trying to trick you into disclosing confidential information. For example, you may be tricked into clicking on a link that is not secure, or sharing your password with unauthorized parties.
Anders Fosgerau recommends that everybody be critical of the emails they receive and that they do not click on links.
“Turning people away at the door is costly because we have to buy an extra large firewall in order to be able to block all unwanted traffic. And an extra large spam filter that can cope with a lot of spam without causing queues and slowing down the flow of legitimate emails,” says Anders Fosgerau about the investment, which runs into tens of millions of Danish kroner.
For example, DTU’s email system has recently been moved to the cloud to better harden the system against attacks. DTU’s web platforms have also moved to the cloud. The introduction of multi-factor authentication helps ensure that only authenticated users can access the systems. Also, mail or calendar functions on mobile phones and other third-party apps can no longer be used to access DTU’s systems, as they do not comply with DTU’s security standards. This is also due to the fact that DTU data must be securely separated from, for example, private use and data on mobile phones and other devices.