OpenDNS researchers found that higher education networks are 300 percent more likely to contain malware than their enterprise and government counterparts. The study also revealed that EXPIRO targets the higher education sector more often than any other malware family.
The findings were gathered from the OpenDNS network, which spans more than 50 million users across 160 countries. Using Big Data analytics, graph theory and machine learning, OpenDNS has developed predictive security capabilities that enable the Umbrella by OpenDNS service to automatically detect and block upwards of 80 million threat requests per day.
“Our research shows that while higher education institutions face the same cyber-attacks as enterprises and government agencies, they tend to be compromised by malware and botnets at a much higher rate,” said Dan Hubbard, CTO of OpenDNS and head of Umbrella Security Labs. “Clearly colleges and universities must operate more open networks and support an endless number of access devices, which puts them at higher risk; however, by implementing some fundamental security best practices it is possible to significantly reduce and contain the current rate of infections on campuses.”
According to Umbrella Security Labs, the EXPIRO malware is currently the number one threat to universities and colleges. It is typically installed silently when a student or faculty member visits a website that hosts a Java or Adobe PDF exploit. Once installed, the malware acts as a file infector that steals user and system information. The information it captures is saved in a DLL file and sent to the attackers' command-and-control infrastructure.
Preventing students and faculty from falling prey to these attacks is more challenging than protecting employees on a corporate network due to the large scale of typical college and university networks. Traditional approaches to cyber-security that are based on deep packet inspection or proxying all network traffic aren’t well suited for these high-bandwidth environments. They often end up creating network bottlenecks, adding latency and introducing points of failure, in addition to raising privacy concerns.
To protect users from visiting malicious sites and block infected devices from phoning home, some of the best practices that colleges and universities can implement include:
- Alerting users when new “spear phishing” campaigns against the institution are detected
- Using predictive analytics to block “malvertising” and “watering hole” Web attacks
- Applying DNS-based enforcement to prevent malware-infected devices from phoning home to botnet operators over non-Web connections