Newcastle University ransomware infection – what happened and why?
By Katharine Palmer
Following an incident affecting Northumbria University, Newcastle University is the latest victim of a big game hunting ransomware group. In this case, DoppelPaymer is also increasing its extortion leverage over its victims by threatening to leak stolen data as well as encrypt it.
Figure 1: DoppelPaymer claims responsibility for the ransomware infection via Twitter
Figure 2: Leaked Newcastle University data on DoppelPaymer’s dedicated site
The education sector continues to prove a popular target for these groups, with vulnerabilities stemming from general underinvestment in cyber security, especially threat intelligence. This is compounded by extensive and complex networks, system uptime requirements, and their holding of masses of personally identifiable information (PII) of students. These issues have been amplified by efforts to better accommodate changing working practices and online learning as students return in the midst of the pandemic – an issue we have previously assessed. The timing of the incident and its disruptive impact also affirm our previous assessment in our latest Monthly Report that threat actors will look to target schools and universities ahead of the new academic term.
Despite these broader systemic issues, our Cyber Risk Rating tool has identified several issues with Newcastle University’s public-facing infrastructure that are likely to have attracted DoppelPaymer’s interest. For example, in addition to spear-phishing, the group looks to identify vulnerable Remote Desktop Protocol (RDP) services and known vulnerabilities in software.[1] In this latter category, Newcastle performs worse than 85% of entities in our database, featuring over 100 critical-severity CVEs, which are typically sought out by threat actors because of their potential utility. A large number of open ports would also have made the University look attractive to indiscriminate scanning by cybercriminals, while a high number of expired certificates also points to failings of cyber hygiene.
Conclusion:
To adopt an intelligence-led and risk-based approach to security, it is critical to understand both the specific threats and vulnerabilities that your organisation faces. If you can use threat intelligence to assess how your company looks from a threat actor’s perspective, and how you compare against your industry peers and competitors, you can better understand the likelihood of a cyber attack and work to reduce this overall level of cyber risk.
If you are interested in learning your cyber risk rating and how you compare to industry peers, contact us here.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include external attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.