[Image: Hacker at the computer. Photo: Frank Peters/Mostphotos]

“You can distinguish two types of cyber-attacks. One attacks people and the other attacks machines, like computers, telephones, etc.,” says Björn Boman.

One common attack targeting individuals is called ‘phishing’. Via email or other direct communications, the individual is tricked, using various scamming methods, into handing over their log-in details.

“There are all sorts of different variants of varying quality, from professionally designed emails with credible links to login pages that look very much like legitimate webpages, to strangely worded emails that look very suspicious even at a quick glance.”

Another cyber-attack targeting individuals is so-called CEO fraud. Fraudsters use publicly available information to identify the victim's immediate manager. They then impersonate that manager and contact the victim about, for example, an unpaid invoice or some other crisis that requires immediate help in the form of paying an invoice, buying a gift card or taking other monetary action. The fraudster tries to exploit the trust that already exists and often applies pressure, so that the victim feels too stressed to question the demand.

“If alarm bells go off when you are prompted to do something strange, check it out. If you receive an SMS or email from your boss about paying an unfamiliar invoice, call your boss and double check that it is correct.”

Like a football team storming your grocery store

Technical attacks, on the other hand, may exploit known vulnerabilities, for example outdated or poorly maintained software on university computers. Locally installed software and servers as well as centrally managed and maintained institutional services may all be vulnerable. Updates that close these security gaps are usually available, but users often fail to install them. Users should therefore make sure that software, clients and servers are all kept up to date.

Attacks on availability also occur. In an availability attack, an attacker sends enormous amounts of traffic to overload a server. The distributed denial-of-service (DDoS) attacks that often appear in the news are attacks of this kind.

“It’s as if you went into your local grocery store to buy milk and bread. There are not usually so many customers, so you can pay and get out quite quickly. But with an overload attack, it is as if two busloads of boys' football teams appear and everyone wants to buy chewing gum. So, the queue at the till suddenly gets very long.”

In an availability attack, the system is not hacked, destroyed or stolen from; it simply becomes overloaded and can no longer handle its task. Such attacks are quite simple and inexpensive to carry out, but more difficult to defend against.

“We collaborate a lot with our supplier SUNET to be able to counteract this type of attack.”

Helpdesk support

Universities are generally subject to plenty of phishing attacks, especially during certain periods, such as the start of a semester, when many new students arrive. But attacks are also aimed at employees. Such attacks focus on obtaining account credentials in order to exploit university resources. Phishing emails can also carry attachments that contain malicious code. Björn Boman strongly advises paying close attention to any email that seems strange.

“For example, you may receive emails claiming that you need to reactivate your Stockholm University account, or that you need to click on a link to clear your full email inbox. That type of email may be real, so it is important to remain vigilant. You can always turn to the IT department's Helpdesk for help and support if you think you have been the victim of some type of attack.”


Checklist for cyber-attack defence:

  • Use passphrases rather than passwords. You can see examples at https://idp.it.su.se/diceware
  • Change passwords when needed, and don’t reuse the same password for several services.
  • Use a password manager to store your passwords.
  • Pick up the phone. If something seems strange, call the sender on a number you already know to be correct.
  • Keep the software on your computer, phone and other devices up to date, and restart them regularly.