TU Delft staff were attacked by hackers last week. The TU Delft cyber security expert Marthe Uitterhoeve is concerned. “The attacks are becoming more ingenious.”
The opening page looked slick. NetID and password? Yes, of course. You need to fill them in to login to the TU Delft system. But on the opening page that some TU Delft staff members got when they clicked on a link in an email, was a third window. It asked for your personnel number. That is odd. TU Delft never asks for it when you log in. It was clearly fraud.
The phishing mail was sent to staff members of three faculties. Which faculties Marthe Uitterhoeve does not say. She is the Lead Architect & Security Officer at TU Delft. Last week she sent an email to managers at TU Delft to warn them about this. “The target was professors, scientists and some secretaries,” she said. “And we can safely assume that there were plans for the other five faculties.”
The login details of some staff members were obtained by the criminals in an attempt to access TU Delft’s systems. The IT Security Team discovered this on time and was able to prevent damage. The phishing site has been taken down.
‘It was a well thought through and prepared plan,’ replied Uitterhoeve in an email. That said there were some sloppy things such as TU Delft being incorrectly spelled (with small letters instead of capital letters). ‘It’s useful that hackers often get caught out for these kind of silly mistakes. So please always be alert for this type of sloppiness,’ she wrote. ‘When the staff members tried to log in, they were also asked for a personnel number. We never do that.’
In 2018, Delta listed the digital attacks on TU Delft and its staff members. On the list were phishing (including the so-called spear phishing), CEO fraud, attacks coupled with ransomware, and other kinds of blackmail emails.
- Read a detailed description of the various attack tactics. (in Dutch).
These type of attacks also happened last year and in the first half of 2020. ‘But what we are now seeing more often is that hackers are combining different tactics. They are becoming more ingenious. We are also seeing a market growing where the methods of attacks can easily be bought. This is bringing cyber attacks within the reach of criminals who are not very technical. The traditional image of hackers in attics is no longer the reality.’
Conflict with the open character of a university
The cyber threats are clearly increasing. Uitterhoeve says that this is happening across the whole higher education sector in the Netherlands. She points to the SURF’s 2019/2020 cyber threat assessment. SURF is an alliance of universities and universities of applied science that works on innovation in IT. In 2019, it was mostly the IT facilities that were targeted. Identity fraud was also hot while there was little spying and the manipulation of digital data.
Many people will probably clearly remember the ransomware attack on the University of Maastricht. SURF is concerned that this type of attack will happen more frequently.
More security measures will be taken over the next few years, says Uitterhoeve. ‘We need to strengthen the IT Risk Management, improve the security monitoring, increase the incident response expertise and raise security awareness among staff.’ But, the security expert confirms, stricter security measures may conflict with the open character of a university.
- If you receive a suspicious email, please report it to abuse@tudelft.nl.
Do you have a question or comment about this article?
tomas.vandijk@tudelft.nl
Comments are closed.