Study: Higher Ed Networks 3 Times More Likely to Have Malware

Higher education networks are 300% more likely to be infected with malware than their enterprise and government counterparts, according to research just released by OpenDNS.

“Our research shows that while higher education institutions face the same cyber-attacks as enterprises and government agencies, they tend to be compromised by malware and botnets at a much higher rate,” Dan Hubbard, CTO of OpenDNS and head of Umbrella Security Labs, said in a statement. “Clearly colleges and universities must operate more open networks and support an endless number of access devices, which puts them at higher risk; however, by implementing some fundamental security best practices, it is possible to significantly reduce and contain the current rate of infections on campuses.”

According to Umbrella Security Labs, the EXPIRO malware is currently the number one threat to universities and colleges. It is typically installed silently when a student or faculty member visits a Web site hosting a Java or Adobe PDF exploit. Once installed, the malware acts as a file infector that steals user and system information. The information it captures is saved in a DLL file and sent to the attackers' command-and-control infrastructure.

Preventing students and faculty from falling prey to these attacks is more challenging than protecting employees on a corporate network due to the large scale of typical college and university networks. Traditional approaches to cyber-security based on deep packet inspection or proxying all network traffic aren’t well suited for these high-bandwidth environments. They often end up creating network bottlenecks, adding latency and introducing points of failure in addition to raising privacy concerns.

To protect users from visiting malicious sites and block infected devices from phoning home, some of the best practices that colleges and universities can implement include:

  • Alerting users when new “spear phishing” campaigns against the institution are detected
  • Using predictive analytics to block “malvertising” and “watering hole” Web attacks
  • Applying DNS-based enforcement to prevent malware-infected devices from phoning home to botnet operators over non-Web connections

Read the full press release.
