Higher Ed Sees Massive Spike in Encrypted Threats and CryptoJacking in First Half of 2023

Higher education institutions in the United States are experiencing a “massive spike” in encrypted threats and cryptojacking so far this year, even as ransomware and unencrypted malware attacks have slowed, according to SonicWall’s 2023 Mid-Year Cyber Threat Report.

Overall intrusion attempts were up during the first half of 2023 compared to a year ago, with cryptojacking volume breaking all previous records, SonicWall said, as threat actors “shifted away from traditional ransomware attacks in favor of a stealthier means of malicious activities.” 

In the first six months of 2023, SonicWall threat researchers recorded 3.7 trillion overall intrusion attempts globally, a 21% increase over the same period a year prior. 

The data, though, reveals two divergent trends, the report said: An increase in low-severity intrusion attempts such as pings and other generally benign actions, and a decrease in medium- and high-severity intrusions. These attempts, also referred to as “malicious intrusions,” fell 7% in the first half of 2023, to 5.3 billion.

Intrusion attempts targeting education fell by 59% from a year ago, yet a third of education organizations experienced an intrusion attempt each month in the first half of this year — making education the second-most-targeted industry overall.

The data suggests that threat actors are targeting the education sector at an unprecedented rate – more than any other recorded vertical, SonicWall said.

Overall, the United States saw a 49% drop in ransomware attacks during the first six months of 2023, compared to the same period a year earlier. 

Higher ed saw ransomware attacks rise by just 6% year-over-year, a slower pace than recently recorded spurts; SonicWall said every sector except government and higher education experienced fewer ransomware attacks so far this year.

a line graph shows the education sector was targeted more than all other sectors by cyber threats during the first half of 2023

Malware attacks targeting higher ed fell by 42% from January through June, compared to the same period in 2022, SonicWall said. IoT malware, on the other hand, fell slightly overall and decreased by 73% in the education sector, the report said.

Malware is increasingly being delivered through encrypted means, SonicWall said. 

Encrypted threats targeting higher ed jumped to 88,178 incidents, a 997% increase from the same time period in 2022. A corresponding increase in percentage of customers targeted was also observed: about 9.4% of education customers saw an attack in the first six months of 2023, compared with 8.9% a year before.”

Cryptojacking is rising exponentially, SonicWall reported, as threat actors seem to be opting for less-threatening ways to earn revenue from their cyber crimes. 

In 2022, cryptojacking surpassed 100 million for the first time ever, according to SonicWall. In the first six months of 2023, attack volumes have not only eclipsed that milestone, they’ve more than tripled it, rising 399% to more than 332 million hits — compared to just 66.7 million during the first half of last year. 

Cryptojacking attacks targeting higher ed rose by 480% to about 354K hits in the first half of this year, the biggest jump of all sectors, according to the report. Meanwhile, K–12 schools were targeted by cryptojacking more than 51 million times during the same period, SonicWall said.

New Cryptojacking Trends 

“Cybercriminals continue to shift away from the quick payout of ransomware in favor of the slower, behind-the-scenes approach of stealing compute power to mine digital currency,” SonicWall said. “To help their chances of success, these cybercriminals constantly shift their tools, tactics and procedures.”

Following are some of the biggest developments in cryptojacking observed by SonicWall in the first half of 2023, verbatim from the report:

  • “Threat actors are quickly shifting from targeting endpoints to targeting cloud services, including one leveraging Kubernetes clusters to mine Dero.

  • “MacOS endpoints have also been in the crosshairs, with cracked versions of FinalCutPro being used to distribute HonkBox cryptojacking malware.

  • “Oracle WebLogic servers are the target of a new crypter known as ScrubCrypt, designed to evade Windows Defender protections.

  • “SonicWall has continued to observe attackers skipping cryptojacking altogether in favor of stealing crypto directly: In late March, we observed a new variant of AsyncRAT designed to steal Bitcoin, Ethereum and Tether.”

Download the full report at SonicWall.com/threatreport.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • abstract pattern of shapes, arrows and circuit lines

    Internet2 Announces a New President and CEO to Step Up in October

    Internet2, the member-driven nonprofit offering advanced network technology services and cyberinfrastructure to the research and education community has completed its search, which began this past May, for a new president and CEO to take the helm.

  • shield with an AI microchip emblem hovering above stacks of gold coins

    AI Security Spend Surges While Traditional Security Budgets Shrink

    A new Thales report reveals that while enterprises are pouring resources into AI-specific protections, only 8% are encrypting the majority of their sensitive cloud data — leaving critical assets exposed even as AI-driven threats escalate and traditional security budgets shrink.

  • stack of gold coins disintegrates into digital particles against a dark circuit-board background with glowing AI imagery

    MIT Report: Most Organizations See No Business Return on Gen AI Investments

    A recent report out of the MIT Media Lab found that despite $30-40 billion in enterprise spending on generative AI, 95% of organizations are seeing no business return.

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.