Ben-Gurion University targeted by cyberattack, extent of damage unclear
The university stated that it is currently operating regularly, except for "isolated difficulties," adding that "no significant damage to the servers is known of."
By TZVI JOFFRE
A cyberattack targeted Ben-Gurion University of the Negev resulting in a breach in a number of its servers, the university announced on Wednesday.The attack was found during routine scans that were being conducted by the university along with the National Cyber Directorate.The university stated that it is currently operating regularly, except for "isolated difficulties," adding that "no significant damage to the servers is known of."A combined team of researchers from the National Cyber Directorate and the Technologies, Innovation & Digital Division at Ben-Gurion was formed after the breach was found and is working to prevent information leaks and to contain the incident.The team is also conducting scans of all the university's servers.The university stressed that the incident is ongoing as of Wednesday."Ben-Gurion University of the Negev, like other institutions around the world, is a quality target for cyberattackers. Our cyber capabilities, together with the National Cyber Directorate, identified the intrusion into our systems and are working to address it as quickly as possible and reduce potential damage," said Prof. Daniel Chamovitz, president of the university, in a letter to faculty and students. "This is a serious incident and at the forefront of my mind at the moment is the need to curb intrusion and strengthen the protection of the digital array and university servers by all necessary means. We will not spare resources for this. Simultaneously, I have instructed the establishment of a separate team to produce lessons and recommendations for the future, in order to ensure that such events do not recur."It is unclear who carried out the attack.Cybersecurity consultant Einat Meyron explained that it is "not easy to manage an information security system in an academic institution," as academic freedom that cannot be impacted by an invasion of privacy becomes "a significant cyber risk.""An information security manager is required to maneuver among a great many executives, who each see things in their own unique way, along with day-to-day dealing with challenges provided by the faculties that use state-of-the-art technologies and therefore are much more vulnerable, along with the easy identification of the edu extension," added Meyron.
"It should also be understood that from the outset, academia is an attractive target for any attacker, whether he is a hostile state factor or an attacker who wants only monetary gain, since the studies in which thousands of man-hours, patents and knowledge have been invested are worth a lot of money in the business world," said Meyron.The consultant added that it is "much more efficient and cheaper to set up a team ahead of time to reduce cyber risk exposure and formulate organizational information security policy," than to set up a team to learn lessons after the fact."Usually, when it takes place in the organization, led by the CEO, the function of the information security manager improves immeasurably and as a result, the level of organizational resilience also increases," added Meyron.The attack on the university comes after a series of recent cyberattacks on Israeli businesses and institutions, including Israel Aerospace Industries, the Shirbit insurance company and the Amital software company.The National Cyber Directorate reported that it handled more than 11,000 inquiries on its 119 hotline in 2020, 30% more than it handled in 2019. The directorate made about 5,000 requests to entities to handle vulnerabilities exposing them to attacks and was in contact with about 1,400 entities concerning attempted or successful attacks.