Network Security | Educause 2013 News

Higher Ed Networks 3 Times More Likely To Be Infected

• By Dian Schaffhauser
• 10/17/13

The networks run by colleges and universities are three times more likely to be infected with malware than networks in government agencies or businesses, according to research by security vendor OpenDNS. The company also said that the EXPIRO family of malware was the most common type of threat experienced by the higher education sector. Both of those findings were announced at this week's Educause 2013 conference, taking place October 15–18 in Anaheim, CA.

The company pulled that information out of an analysis of data from its own network, which delivers cloud-based Web security services. OpenDNS said in a statement that it uses a combination of data analytics, graph theory, and machine learning to detect and block up to 80 million threats coming into its customers' systems every day.

"Our research shows that while higher education institutions face the same cyber-attacks as enterprises and government agencies, they tend to be compromised by malware and botnets at a much higher rate," said Chief Technology Officer Dan Hubbard. "Clearly, colleges and universities must operate more open networks and support an endless number of access devices which puts them at higher risk."

The number one threat for higher ed customers is EXPIRO, an exploit that was first uncovered in 2010. It typically surfaces on systems when a user visits an infected Web site hosting a Java or PDF exploit and is in turn infected. Once the exploit is on the newly infected system, it seeks out EXE files to infect and steals system and user information. The information it collects is saved to a DLL file and uploaded to command-and-control servers for use by the attackers.

Hubbard added that the application of "fundamental security best practices" can "significantly reduce" the rate of infections on campus. Those include:

• Alerting users when new "spear phishing" campaigns surface on the institution's network;
• Using analytics to block user access to "malvertising" (the use of online advertising to spread malware) and "watering holes" (ordinary Web sites infected with malware); and
• Applying DNS layer-based enforcement to block malware-infected devices from communicating with their command-and-control hosts.

OpenDNS is in booth 721.