Western Sydney University (WSU) has been at the forefront of two cyber attacks last week, making it the fourth major cybersecurity issue for the University in the last year.
The continued incidence of these issues is worrying for all students as the recent attacks have been a compromise of their single sign-on accounts, resulting in unauthorised access to demographics, enrolment and progression information of around 10,000 current and former students.
DVULN CEO Jamieson O’Reilly said the recent cyber attacks also included the leak of students’ personal data on the dark web.
“Once you do get access to a single sign-on account, you’ve then got access to the other services that a person would have, ” Mr O’Reilly.
In 2024, CyberCX data revealed that the education sector accounted for 8 per cent of serious incidents, though this figure is placed behind healthcare and financial services, the frequency of these issues is the focal matter that WSU is facing currently.
Cyber extortion tactics have evolved from 2023 to 2024, adding another level of complexity for the University’s cybersecurity. For example, ransomware-only attacks is where hackers encrypt data and demand payment for its release, without stealing the data itself, have increased by 192 per cent. Whereas extortion-only attacks that involve hackers stealing sensitive data and threatening to publish it unless a ransom is paid, without encrypting the victim’s files, have decreased by 66.7 per cent.
While hacking strategies are changing, students are becoming accustomed to these security issues. Western Sydney University student Jessica Jenkins expressed concerns about the prevalence of the breaches.
“This isn’t the first time an incident has happened…there [have] been a few in the last year where hackers have been able to access sensitive information and distribute it onto the dark web,” Ms Jenkins said.
“I have become desensitised to this as it does happen quite frequently, [and] I have unfortunately lost a bit of faith in the University’s ability to keep our private information safe.
“I haven’t heard any discussion on campus about the cyber attacks, I think like myself the students have been accustomed to the incidents.”
The CyberCX report has also highlighted that Business Email Compromise (BEC) attacks have become more sophisticated, showing that 75 per cent of attacks in 2024 involve techniques that bypass the multi-factor authentication (MFA) system, which is a substantial increase from 10 per cent in 2022.
Additional reporting by Molly de Cseuz.
Feature image sourced from here.