In Asia, China’s universities worst hit by cyberattack
Universities suffered serious breaches as a result of attacks by the WannaCry ransomware last weekend, according to Chinese media reports. The malware reportedly hit organisations around the world from 12 May, with hackers demanding ‘ransom’ payments of about US$300 worth of digital currency bitcoin to ‘unlock’ data encrypted by the attack.
More than 4,300 education institutions in China were infected by the malware, the reports said, citing data from cybersecurity company Qihoo 360’s Threat Intelligence Center. Qihoo 360, a major anti-virus software supplier in China, said government services, hospitals, shopping malls and railway stations were also affected on the Chinese mainland.
Beijing News reported last Sunday that students at several universities around the country said access to their theses, papers and dissertations had been blocked, with a pop-up window demanding payments of US$300 to free the files.
Of some 29,000 individual computers crippled by the virus last weekend in China, nearly 15% were from universities, making on-campus users the hardest-hit demographic, said Sun Xiaojun, a product manager at Qihoo 360. They included the country’s top institutions, Peking University and Tsinghua University.
Both universities issued statements saying quick security action had prevented "large-scale" infection on their campuses, without providing details.
Tsinghua University is involved in many defence-related research projects for the Chinese government and its campus hosts the central server of the China Education and Research Network, or CERNET, which operates under the Ministry of Education.
CERNET, which connects a large number of campus networks, attempted to play down the damage. In a statement issued last Monday denying Qihoo’s report the previous day, it said just 66 of the country’s universities were affected.
In response to widespread reports that China’s universities were particularly vulnerable because of the prevalence of pirated versions of commercial software that were not regularly updated to cope with new viruses, CERNET dismissed Qihoo 360’s claims as “inaccurate statements that have seriously misled public opinion, caused panic among teachers and students, and affected the normal order of instruction and life”.
Hong Kong, South Korea and Japan
Institutions in Hong Kong, South Korea and Japan were less affected by such attacks with few breaches reported. Universities in these locations were less likely to use pirated versions of software which typically are not regularly updated, and recent cyberattacks on university systems had led to new security measures, cybersecurity experts said.
Universities in Japan saw a major wave of cyberattacks in December 2016 and January this year, affecting at least 18 institutions across the country, including Tokyo, Keio and Nagoya universities, with hackers replacing the universities’ website content with notices saying the site had been hacked. The move alarmed the authorities and led to stricter security measures.
Hong Kong saw a large rise in cyberattacks on university computers in 2015 with some cybersecurity experts suggesting these were politically motivated attacks in the wake of the student-led Occupy Central street protests that rocked the city from 2014 onwards.
Hackers accessed University of Hong Kong Vice-Chancellor Professor Peter Mathieson's email account several times in 2015. In August 2015, a number of Hong Kong's universities were thought to be part of a major global hack attack.
The attacks on university computers in Hong Kong and Japan did not relate to ransomware like WannaCry, however.
Although some reports have suggested that WannaCry may have originated in North Korea, South Korean universities have not so far reported damage from the latest attack. However, RanCERT, a South Korean agency that monitors ransomware attacks, reported some 130,000 ransomware attacks in the country last year, costing KRW300 billion (US$268 million).
Singapore’s two largest universities’ computer systems were affected by hackers looking to steal government and research data, according to the Cyber Security Agency of Singapore, or CSA, in a statement issued on 12 May. Although announced the same day as the global ransomware breakout, the CSA said it believed the attacks were unrelated to the WannaCry attacks.
The attacks on the National University of Singapore, or NUS, and the Nanyang Technological University, or NTU, were detected in April, according to the CSA statement, which described the attacks as ‘Advanced Persistent Threats’, where a hacker breaks into a network and remains there undetected for a long period of time with the intent of stealing data.
CSA did not reveal what data was stolen but said the attacks were “carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research”.
The universities’ systems are separate from government ones, so the extent of the attacks “appear to be limited”, it added.
“We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons,” CSA Chief Executive David Koh told a press conference in Singapore.
“At both NTU and NUS, affected desktop computers and workstations were quickly isolated, removed and replaced,” CSA said.