Top Universities Exposing Students, Faculty and Staff to Email Crime – TechNewsWorld

Nearly all the top 10 universities in the United States, United Kingdom, and Australia are putting their students, faculty and staff at risk of email compromise by failing to block attackers from spoofing the schools’ email domains.
According to a report released Tuesday by enterprise security company Proofpoint, universities in the United States are most at risk with the poorest levels of protection, followed by the United Kingdom, then Australia.
The report is based on an analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records at the schools. DMARC is a nearly decade-old email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination.
The protocol offers three levels of protection — monitor, quarantine, and the strongest level, reject. None of the top universities in any of the countries had the reject level of protection enabled, the report found.
“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare,” Proofpoint Executive Vice President for Cybersecurity Strategy Ryan Kalember said in a statement.
“This, unfortunately, makes these institutions a highly attractive target for cybercriminals,” he continued. “The pandemic and rapid shift to remote learning has further heightened the cybersecurity challenges for tertiary education institutions and opened them up to significant risks from malicious email-based cyberattacks, such as phishing.”
Universities aren’t alone in poor DMARC implementation.
A recent analysis of 64 million domains globally by Red Sift, a London-based maker of an integrated email and brand protection platform, found that only 2.1 percent of the domains had implemented DMARC. Moreover, only 28% of all publicly traded companies in the world have fully implemented the protocol, while 41% enabled only the basic level of it.
There can be a number of reasons for an organization not adopting DMARC. “There can be a lack of awareness around the importance of implementing DMARC policies, as well as companies not being fully aware of how to get started on implementing the protocol,” explained Proofpoint Industries Solutions and Strategy Leader Ryan Witt.
“Additionally,” he continued, “a lack of government policy to mandate DMARC as a requirement could be a contributing factor.”
“Further,” he added, “with the pandemic and current economy, organizations may be struggling to transform their business model, so competing priorities and lack of resources are also likely factors.”
The technology can be challenging to set up, too. “It requires the ability to publish DNS records, which requires systems and network administration experience,” explained Craig Lurey, CTO and co-founder of Keeper Security, a provider of zero-trust and zero-knowledge cybersecurity software, in Chicago.
In addition, he told TechNewsWorld: “There are several layers of setup required for DMARC to be implemented correctly. It needs to be closely monitored during implementation of the policy and the rollout to ensure that valid email is not being blocked.”
Nicole Hoffman, a senior cyber threat intelligence analyst with Digital Shadows, a provider of digital risk protection solutions in San Francisco, agreed that implementing DMARC can be a daunting task. “If implemented incorrectly, it can break things and interrupt business operations,” she told TechNewsWorld.
“Some organizations hire third parties to help with implementation, but this requires financial resources that need to be approved,” she added.
She cautioned that DMARC will not protect against all types of email domain spoofing.
“If you receive an email that appears to be from Bob at Google, but the email actually originated from Yahoo mail, DMARC would detect this,” she explained. “However, if a threat actor registered a domain that closely resembles Google’s domain, such as Googl3, DMARC would not detect that.”
Unused domains can also be a way to evade DMARC. “Domains that are registered, but unused, are also at risk of email domain spoofing,” Lurey explained. “Even when organizations have DMARC implemented on their primary domain, failing to enable DMARC on unused domains makes them potential targets for spoofing.”
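The three policy levels and the unused-domain gap described above can both be read from the TXT record a domain publishes at `_dmarc.<domain>`. The Python below is an added example, not code from the Proofpoint report or this article. It grades records by their `p=` tag (`none` is the monitor level) and flags the `pct=` and `sp=` tags that weaken a policy. The domains and records are constructed on reserved `.example` names.

```python
# Added example: grade DMARC TXT records by enforcement level (RFC 7489 tags).
ORDER = ["none", "quarantine", "reject"]  # weakest to strongest p= value
LEVEL_NAME = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}


def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a dict keyed by lower-cased tag name."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def grade(txt_records):
    """Return (level, notes) for the TXT strings found at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.replace(" ", "").startswith("v=DMARC1")]
    if not dmarc:
        return "no record", ["nothing published: receivers apply no DMARC policy"]
    if len(dmarc) > 1:
        return "invalid", ["more than one DMARC record: receivers skip DMARC"]
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in ORDER:
        # Simplification: RFC 7489 lets a receiver fall back to p=none
        # when p= is unusable but a valid rua= is present.
        return "invalid", ["missing or unknown p= value"]
    notes = []
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        notes.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    sp = tags.get("sp", policy).lower()  # sp= defaults to the p= value
    if sp in ORDER and ORDER.index(sp) < ORDER.index(policy):
        notes.append(f"sp={sp}: subdomains get a weaker policy than p={policy}")
    if policy == "none" and "rua" not in tags:
        notes.append("monitor mode without rua=: no aggregate reports arrive")
    return LEVEL_NAME[policy], notes


# Constructed sample data: reserved .example names, not real institutions.
SAMPLE = {
    "university.example": ["site-verification=constructed", "v=DMARC1; p=none"],
    "college.example": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:r@college.example"],
    "institute.example": ["v=DMARC1; p=reject; sp=none"],
    "secure.example": ["v=DMARC1; p=reject; rua=mailto:r@secure.example"],
    "parked-brand.example": [],  # registered but unused, no DMARC record at all
}


def audit(sample):
    """Grade every domain in a {domain: [txt, ...]} mapping."""
    return {domain: grade(records) for domain, records in sample.items()}


if __name__ == "__main__":
    for domain, (level, notes) in audit(SAMPLE).items():
        print(f"{domain:22} {level:10} {'; '.join(notes)}")
```

In a real audit the record lists would come from TXT queries for `_dmarc.<domain>` across every domain the organization has registered, including the ones that send no mail.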
Universities can have their own set of difficulties when it comes to implementing DMARC.
“A lot of times universities don’t have a centralized IT department,” Red Sift Senior Director of Global Channels Brian Westnedge told TechNewsWorld. “Each college has its own IT department operating in silos. That can make it a challenge to implement DMARC across the organization because everyone is doing something a little different with email.”
Witt added that the constantly changing student population at universities, combined with a culture of openness and information-sharing, can conflict with the rules and controls often needed to effectively protect the users and systems from attack and compromise.
Furthermore, he continued, many academic institutions have an associated health system, so they need to adhere to controls associated with a regulated industry.
Funding can also be an issue at universities, noted John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based IT and digital security operations company. “The biggest challenges to universities is low funding of security teams — if they have one — and low funding of IT teams in general,” he told TechNewsWorld.
“Universities don’t pay particularly well, so part of it is a knowledge gap,” he said.
“There is also a culture in many universities against implementing any policies that could impede research,” he added. “When I worked at a university 15 years ago, there were knock-down drag-out fights against mandatory antivirus on workstations.”
Mark Arnold, vice president for advisory services at Lares, an information security consulting firm in Denver, noted domain spoofing is a significant threat to organizations and the technique of choice of threat actors to impersonate businesses and employees.
“Organizational threat models should account for this prevalent threat,” he told TechNewsWorld. “Implementing DMARC allows organizations to filter and validate messages and help thwart phishing campaigns and other business email compromises.”
Business email compromise (BEC) is probably the most expensive problem in all of cybersecurity, maintained Witt. According to the FBI, $43 billion was lost to BEC thieves between June 2016 and December 2021.
“Most people don’t realize how extraordinarily easy it is to spoof an email,” Witt said. “Anyone can send a BEC email to an intended target, and it has a high probability of getting through, especially if the impersonated organization isn’t authenticating their email.”
“These messages often don’t include malicious links or attachments, sidestepping traditional security solutions that analyze messages for these traits,” he continued. “Instead, the emails are simply sent with text designed to con the victim into acting.”
“Domain spoofing, and its cousin typosquatting, are the lowest hanging fruit for cybercriminals,” Bambenek added. “If you can get people to click on your emails because it looks like it is coming from their own university, you get a higher click-through rate and by extension, more fraud losses, stolen credentials and successful cybercrime.”
“In recent years,” he said, “attackers have been stealing students’ financial aid refunds. There is big money to be made by criminals here.”
John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.