This week, a major media reported more than 1 million UiTM - students who registered between 2000 to 2018 - were leaked online sometime in March 2018. UITM is one of the premier university in Malaysia.
This leak, occurred and reported almost a year after the event should serve as a wake up call for all universities in Malaysia. It is common knowledge that universities are NOT equipped to handle cyber threats. They are at their most vulnerable during the intake period where the systems are stretched to the limit and the influx of new devices linking to the university’s infrastructure resulting in a significant decline in the performance of the university’s IT infrastructure.
Are the personal details of the students the main target for the hackers or they are just a diversion from the real intention?
Hackers generally hack into the student details so that they can amend or revise their grades. Generally they have no other reason as most of these students were not financially well off thus, its not rewarding for the hackers.
Universities are gold mines for hackers especially for their research papers which are valuable and the intellectual properties. Aside from financial benefits, hackers can save 2 to 3 years of research by hacking into the system.
Another avenue why hackers are targeting universities are the network they are linked in.
The universities are linked in a network with business organisations for their recruitment and human resource programs and government departments for their administrative and management responsibilities.
In early 2017, hackers hacked into a university in Japan and turned the university's network against itself. Gaining control and using the IoTs in the university such as refrigerators and lights, cctv etc, hackers build botnets out of unsecured IoT and using them to direct traffic at the university's server in order to overwhelm it with the aim of taking the website and services offline. The request, which are similar for each, was to search for the address of a seafood restaurant.
How UiTM planned or have already addressed this issue of weaknesses in their cybersecurity measures would be interesting and could possibly serve as a template for other public universities in Malaysia and elsewhere.