Higher education endpoints at higher risk for data leakage

by Charles Leaver

October 22, 2013


Students provide universities with a surprising amount of personal data. From names, addresses and phone numbers to credit card and other payment information, an institution requires a lot of information for student enrollment and class participation.

However, a new study from OpenDNS recently discovered that endpoints on the networks of universities and other higher education institutions are 300 times more likely to be infected by malware than those on networks maintained by other organizations. According to the study, college and university networks are more likely to have malware present than the networks of government entities or enterprises - a worrisome trend for institutions seeking to minimize the possibility of data leakage.

"That [percentage] was somewhat of a surprise to us," OpenDNS CTO Dan Hubbard told Dark Reading. "You always hear about universities being more open than regular corporations and organizations, but these numbers were a little higher than we expected."

More users with insecure activities
Hubbard told SC Magazine that higher education institutions are more likely to have compromised endpoints due to a larger user base connecting to the network.

"It's not that they are a target per se, but they are probably more infected because the students don't have proper protection when they are off campus," Hubbard said.

Hubbard explained that many students use laptops and other mobile devices off campus on unsecured Wi-Fi networks. Students may also be engaging in riskier activities online than a traditional user, which can make the school's network more vulnerable to attacks.

EXPIRO malware
A top infection found on university networks was a malware sample called EXPIRO. The infection targets users with weak Java plug-ins or Adobe PDF installations via exploit kits. According to Dark Reading, EXPIRO usually targets local, removable and network drives by installing malicious Chrome and Firefox extensions.

Hubbard said EXPIRO is a file infector that snoops internal data including web history, certificates and passwords. Once it collects the information, the malware places it in an encrypted file and sends it to the attacker.

The infection spreads through drive-by attacks or email phishing campaigns, where users are redirected to malicious websites that can disable an infected machine's security, stated Dark Reading.

While Hubbard said the common university practice of an open, unmanaged network can make these establishments more vulnerable to an EXPIRO infection, they can still utilize best practices for endpoint security. He advised higher education administrators to notify students of current malware campaigns that could target their establishment.