Higher Education Cyber Threat and Vulnerability Forecast - December 2024

Report by FortifyData

Executive Summary

Below you will find our December report (and downloadable PDF), which covers the November threats and vulnerabilities that presented significant cybersecurity challenges to the higher education sector, including advanced ransomware attacks, heightened phishing campaigns, and exploitation of vulnerabilities in collaboration tools. Institutions must proactively address these threats in December, a time when academic schedules are busiest and cybersecurity vulnerabilities are often overlooked. This report provides actionable insights to fortify defenses against emerging risks.


November 2024 Known Exploited Vulnerabilities (KEVs)

In November, the following 22 CVEs were identified as Known Exploited Vulnerabilities (KEVs) based on industry reports and vulnerability databases. We also decided to include 4 more KEVs from the first week of December due to their severity, so a total of 26 KEVs are captured in this report. Institutions should prioritize remediation efforts on these vulnerabilities to mitigate risks effectively.

In November, the higher education sector faced significant cybersecurity challenges, including ransomware attacks, data breaches, and phishing campaigns. Notably, Southeast Technological University (SETU) in Ireland experienced a high-profile breach, underscoring the sector’s vulnerability. Their statement on the breach can be found here: https://www.setu.ie/news/setu-response-to-cybersecurity-incident

The University of Algarve (UAlg) in Portugal experienced a cyberattack targeting its academic management system between November 14 and 19. This breach led to the unauthorized extraction of personal data belonging to applicants, students, and staff, including names, email addresses, phone numbers, and bank account numbers (IBANs). Further information about the attack and confirmation of the data breach can be read here: https://www.portugalresident.com/university-of-algarve-hit-by-cyberattack/

The university successfully mitigated the attack by updating the affected software on the evening of November 19. Throughout the incident, teaching and research activities continued without interruption. UAlg promptly informed the affected individuals about the specific data compromised and provided guidance on protective measures. Additionally, the university reported the incident to relevant authorities, including the National Cybersecurity Centre, the Data Protection Commission, and the Judicial Police’s Cybercrime Unit.

These incidents underscore the persistent threat of cyberattacks on higher education institutions and highlight the critical importance of robust cybersecurity measures to safeguard sensitive academic and personal data.

Affected Vendors December

High-risk KEVs identified by FortifyData for higher education

These KEVs affected key vendors, including PAN-OS, VMware, and AG/vxAG ArrayOS. The most prevalent vulnerabilities involved Remote Code Execution, Privilege Escalation, and SQL Injection, which could lead to significant data breaches and system compromises.

Vulnerabilities linked to known ransomware campaigns include CVE-2023-2846, whose exploitation may allow an unauthenticated attacker to execute arbitrary code on the target system.


Urgent identification and remediation of these vulnerabilities is essential to protect critical assets and ensure resilience. 

Ransomware Linked CVEs
November KEV List

Trending Threats

1. Advanced ransomware targeting university systems

Overview: Ransomware campaigns in November increasingly targeted financial systems, with attackers seeking to disrupt tuition payments and payroll operations.

Preparing for December: Universities should segment financial systems, enhance monitoring, and ensure critical financial data is regularly backed up offline.

Quick Win: Conduct a vulnerability scan of financial systems and apply necessary patches immediately. 

2. Phishing campaigns exploiting end-of-year admissions cycles

Overview: End-of-year admissions processes are being targeted by phishing campaigns aimed at obtaining applicant and faculty credentials.

Preparing for December: Strengthen email filters, provide staff and applicants with phishing awareness training, and enforce MFA across admissions portals.

Quick Win: Simulate a phishing attack to assess readiness and identify gaps in awareness.

Higher Education Vendor Spotlight: CANVAS LMS

For the December 2024 Cyber Threat Forecast, our Vendor Spotlight focuses on Canvas LMS by Instructure. It is one of the leading learning management systems (LMS) widely adopted by higher education institutions. In recent months, Instructure has demonstrated a strong commitment to improving the security posture of Canvas LMS, focusing on enhanced authentication protocols and data protection.

Consistency in Vulnerability Remediation


Insights from FortifyData

Many colleges and universities leverage FortifyData’s Third-Party Risk Management Solution to continuously monitor the security performance of Canvas LMS. This has provided institutions with visibility into Instructure’s efforts to address vulnerabilities promptly and align with cybersecurity best practices.

Canvas LMS’s dedication to maintaining a secure platform makes it a trusted partner for higher education institutions navigating complex digital learning environments.

Best Practices and Quick Wins for December

Apply All Security Patches: Ensure that the latest patches for Microsoft and Linux systems are applied.

Perform Regular Phishing Simulations: Test your staff’s awareness with phishing simulations.

Conduct a Third-Party Vendor Audit: Assess the security posture of key third-party vendors.

How we can help

FortifyData offers tailored solutions to address the unique cybersecurity challenges facing higher education institutions. From vulnerability management to third-party risk assessments, our tools empower institutions to stay ahead of emerging threats. Schedule a demo to see how FortifyData can operationalize this data into your workstreams, or request a complimentary assessment now and discover where attackers can breach your defenses.