The University of Westminster has been targeted with nearly 20,000 malicious emails every month since October 2020, including phishing, business email compromise (BEC) and ransomware attacks, according to official figures.
The data was uncovered via the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the number of email attacks blocked from when the University began keeping records of attack data in October 2020 to December 2021, as well as the types of attack that were blocked.
In total, there were almost 290,000 email attacks blocked by the University of Westminster, during the reporting period, with spam attacks comprising 92 per cent of threats blocked.
The university neutralised over 1,100 phishing attacks each month, where a malicious actor sends fraudulent messages to trick victims into disclosing personal information.
The University of Westminster also disclosed that it successfully blocked 28 ransomware email attacks along with 394 business email compromise (BEC) attacks, where a cyber attacker infiltrates a company’s email system and poses as an employee, sending targeted attacks asking for money to company staff.
Virus and scam attacks accounted for a further 2,648 blocked attacks by the University, since they began taking record of malicious email types in 2020.
Tim Sadler, Co-Founder and CEO of Tessian, commented on the attack: "With so much valuable data - including the personal and financial details of staff and students, intellectual property and world-leading research - universities are a very attractive target for cybercriminals. It just takes one convincing phishing email to trick an employee or student into sharing their credentials or downloading an attachment that contains malware or ransomware, for the institution's security to be compromised. The problem is that so many new students and faculty staff each year, combined with the shift to remote learning during the pandemic, the opportunity for phishing attacks is ripe and the number of attacks is increasing. To tackle this rising threat, universities must ensure that staff and students are educated on threats they could receive and that processes are in place for victims to easily report incidents."
Chris Ross, SVP International, Barracuda Networks, added: “The onslaught of email attacks continues to remain prevalent, as highlighted by our recent report showing that Covid test related email attacks have risen by 521% since October 2021. Fighting these attacks requires constant solutions and it is good to see organisations both recording and preventing email attacks.
“Malicious actors are finding new ways of infiltrating company systems and that requires staff to receive appropriate training to stay vigilant of potentially damaging attacks. Alongside training, email security utilising artificial intelligence is a solution which can help stop attacks at source, flagging unusual emails designed to bypass email protection.”