UNB successfully defends against massive increase in cyber attacks

There's been a dramatic increase in cyber attacks on the University of New Brunswick recently, according to an information technology official at the university.

The good news: brute force intrusion cyber attacks, while common, aren’t that effective

David Shipley says there has been a massive increase in the number of cyber attacks on the University of New Brunswick. 5:53

There's been a dramatic increase in cyber attacks on the University of New Brunswick recently, according to David Shipley, the university's director of strategic initiatives for information technology services.

So-called brute force remote intrusion attacks recently hit a new all-time high of 185 million in one week.

The digital equivalent of "shaking locks and checking for open doors and windows," according to Shipley, the number of  attacks has increased from an average of one million a week to 51-85 million a week over the four years he's been on the job.

In a brute force intrusion attack, cyber criminals use automated programs to "literally try to connect to every device on campus through different ports, or connection types," said Shipley.

Universities, hospitals, and other large institutions are attractive targets for criminals since they store large amounts of personally identifiable information. Once collected, some data "can be sold on the black market for $10 to $15 per entry," said Shipley.

He says the valuable, patented research conducted at higher learning centres can also be sold for much more — sometimes, millions of dollars.

Any lazy criminal can do it

The number of so-called “brute force remote intrusion attacks” - the digital equivalent of “shaking locks and checking for open doors and windows,” according to David Shipley, has increased from an average of 1 million a week to 51-85 million a week over four years. (Damian Dovarganes/Associated Press)
The barrier to entry is low when it comes to trying one's hand at exploiting vulnerable computer systems.

"Anyone in the world now can go and download these tools and commit crimes," said Shipley.

More organizations are experiencing the fallout firsthand. Earlier this summer the Saint John Development Corporation said it lost valuable data to a ransomware attack on office laptops. Recently, the University of Calgary paid $20,000 to scammers after a ransomware attack on its computer systems.

Recently, the UNB Faculty of Forestry was hit with ransomware, but "fortunately we were able to restore them," Shipley said.

Criminals tend to cast their net wide, hitting myriad devices to see what valuable information they can dredge up.

Unfortunately for institutions, international law tends to tag behind the tech used by scammers. Only a "tiny percentage" of cyber crimes are reported, Shipley said, and and even fewer are caught, since most scams tend to cross international borders.

Fewer attacks effective

Fortunately for large institutions, most of the attacks aren't particularly effective.

UNB has successfully developed a four point strategy that includes "a new IT security policy, data governance plan, prevention strategy, and cyber security awareness program for faculty and staff," Shipley said.

It's "social engineering scams"—those that manipulate individuals using email, phone, and text —that people really need to watch out for.

Investing in firewalls, first-rate backup strategies, and other tools to deal with the attacks, as well as the increased internet traffic they generate, are an unfortunate cost of doing business within the "broader trend in cybercrime," Shipley said.

Still, he said, the remote intrusion and brute force attack numbers are "a canary in the coal mine. [They] show just how out-of-control cyber crime and cyber attacks are getting."