back to article Uni sysadmins, don't relax. Cybercrooks are still after your crown jewels, warns NCSC

Cybercrims are still likely to affect universities and other educational institutions online with ransomware, reckons GCHQ offshoot the National Cyber Security Centre. Attacks by online criminals and nation states alike are "rising", the NCSC warned in a report published today. Sarah Lyons, deputy director for economy and …

  1. Anonymous Coward
    Anonymous Coward

    Breaking News -- Pot calls kettle black!!!!

    Quote: "...We believe that state espionage will continue to pose the most significant threat..."

    *

    Yup......a huge threat to privacy is........GCHQ!!!!! Pure hypocrisy from NCSC!!!!

  2. Pascal Monett Silver badge

    Threats have always been escalating

    When the Internet started, the biggest threat was spam mail.

    Then the Internet got the ability to manage transactions, so getting user credentials became important.

    Now, state-level confidential information is stored on cloud servers or otherwise internet-accessible data repositories, so well-funded actors are looking for ways to infiltrate and monetize that information.

    The more complexity we add to our Internet experience, the more attractive that will become to well-heeled blackhats.

    1. GnuTzu Silver badge

      Re: Threats have always been escalating

      Preaching to the choir (up voted).

    2. amanfromMars 1 Silver badge

      Threats will always been escalating when solutions choose to be elusive and evasive

      The more complexity we add to our Internet experience, the more attractive that will become to well-heeled blackhats. ...... Pascal Monett

      The more complexity added to our Internet experience, the greater the need of well-heeled supporters of blackhats and greybeards for attractive feeds and/or destructive and/or disruptive seeds, PM, for an abiding expanding problem program and Persistent ACTive Cyber Threat is dirt poor blackhats and greybeards also finding the well-heeled an attractive target for acquisition/secrets phishing and knowledge sharing.

      In a ménage à trois of concise and precise nutshells of an explanation and revelation, here be some evidence for prosecution teams .....

      The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country. We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. ... Edward Bernays

      "Money is only a tool. It will take you wherever you wish, but it will not replace you as the driver." – Ayn Rand

      “The most dangerous man, to any government, is the man who is able to think things out for himself…Almost inevitably, he comes to the conclusion that the government he lives under is dishonest, insane, and intolerable.” ..... H.L. Mencken, American journalist

  3. dwm

    Multi-factor authentication is no panacea

    Phishing is highly effective against most organisations, not just universities. Email tools are notoriously difficult to operate safely, and MFA is not a panacea—if an attacker can lure a user to a fake login page under their control, they can MITM most MFA options and still gain access to the user's accounts.

    Hardware tokens such as Yubikeys can be proof against such things, but procuring tens of thousands of these is hideously expensive, and has historically presented compatibility problems with common end-user devices.

    1. hmv Bronze badge

      Re: Multi-factor authentication is no panacea

      Yep. Tell me what association of (say) retail shops runs IT security reports on their industry? And makes the results public?

      As for password brute-forcing attacks, if you're not seeing them, you're either not looking closely enough or you don't run anything exposed to the Internet.

  4. Flywheel Silver badge
    WTF?

    I've never known "sysadmin" and "relax" to be in the same sentence! Tsk/Tut!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019