How Kazan students save universities from cyberattacks


Now, while admission committees at universities and colleges are in full swing, not only applicants but also hackers are active. Attackers strike precisely when the IT systems of educational institutions are under peak load and are used intensively by future students. Just a couple of years ago, universities viewed hacker activity as an invasion of locusts: an equally inevitable, massive and destructive disaster. But today, students from some universities are trying to resist attacks on their own, gaining invaluable practical experience in cybersecurity. In a column for Realnoe Vremya, Nina Shipkova, head of the Cybersecurity Academy at Innostage, explains how they manage to do this and what role the Priority 2030 federal programme plays in their training.

Students vs hackers

Hackers pursue several criminal goals at once by attacking universities. First of all, an effective attack can disrupt the admission of students, undermine the image of the educational institution and even discredit the entire state educational system. In addition, hacking the personal accounts of applicants, students and university employees results in the theft of personal data, and sometimes the seizure of the victim's other accounts — from e-mail services to online banking. In some cases, theft or encryption of data related to intellectual property — research, innovative developments and other scientific works — may occur.

Since 2021, according to the National Security Strategy of the Russian Federation, information security has been included in the list of state priorities. Under the Priority 2030 programme, much attention is paid to the digital sustainability of universities and scientific organisations. This year alone, 119 universities from 50 regions of Russia are participating in it; they will receive over 30 billion rubles.

The programme is implemented within the Personnel for the Digital Economy federal project of the Digital Economy of the Russian Federation national programme. As Russian President Vladimir Putin pointed out in his address to the Federal Assembly, by the end of the decade, more than 100 progressive domestic universities — centres of scientific, technological and socio-economic development of the country — must be created.

In this regard, reliable protection of educational institutions' information systems from cyber threats is being successfully implemented and supervised, advanced data protection technologies are being introduced within the project's Collection of Best Practices, and new solutions to increase the sustainability of cybersecurity are being researched and developed. But it is not so easy to ensure the proper level of protection of critical systems and services through the efforts of the universities alone: modern means of information protection are needed, as well as employees who know how to operate them correctly.

The solution to the problem was born two years ago in Tatarstan, based on four universities that train specialists in information security: Kazan Aviation Institute, Kazan Federal University, Kazan State University of Architecture and Engineering and Innopolis University. Here, our IT company initiated and technically equipped a pilot version of the Interuniversity SOC educational project. In this way, the cyber resilience of socially significant facilities is increased and new standards for the digital security market are formed starting from the university years.

This is an operating anti-cyberattack centre where the main role is performed by students under the guidance of their teachers and experts with real-life experience. All project participants undergo introductory practical training and stay in touch with mentors throughout their participation in the project.

There are more and more cyber defenders

In February 2024, with the addition of the Neimark IT campus from Nizhny Novgorod, the educational project was scaled up to the Volga region and received a broader name, Student SOC. A couple of months later, it became all-Russian and now includes about ten universities from Murmansk in the west to Vladivostok and Blagoveshchensk on the eastern borders of the country.

The Student SOC model ensures the cyber resilience of universities and solves the personnel problem: students fight back against hackers, participate in blocking and investigating attacks on their universities, gain experience working with modern programmes and equipment. In addition, they are actively involved in student cyber battles — tournaments where they hone their information protection skills and explore hacking tools.


The All-Russian University Cyber Battle is another project that has become an organic addition to the Student SOC. Mentors evaluate the practice-oriented training of specialists, help participants see points of professional growth and outline new goals through elements of gamification and competition. In September, as part of the international Kazan Digital Week 2024 IT forum, the 3rd All-Russian University Cyber Battle will take place.

By the time they receive their diploma, or even a year or two before this event, the Student SOC participants who are actively involved in student battles become sought-after specialists who can choose from a dozen offers from large companies.

How many attacks are made on universities

During the first half of 2024, Russian universities became the targets of numerous cyberattacks. Both top 10 universities and regional alma maters received them. Detailed statistics were collected on the infrastructure of Tatarstan universities, which were the first to enter the Student SOC; they also experienced an increase in the number of incidents.

According to reports on the pilot four universities, the largest number of incidents were registered and processed at Kazan Aviation Institute. Reports for April and May show 5,490 and 5,304 suspicious activities, respectively, which is likely directly related to increased activity in online interactions between students and applicants.


The interfaces for document submission and applicants' personal accounts are mainly affected by the failures, which makes applicants and their parents very nervous. Someone who has encountered such an obstacle may even refuse to enrol in a particular university.

In general, a number of cases were identified across the consortium of universities in May and June that potentially indicate attempts to establish malware persistence. The Student Centre for Monitoring and Response to Cyber Threats based at Kazan Aviation Institute recorded 4,488 correlation rule triggers, but most of them turned out to be false positives. At the same time, June showed a significant decrease in false positives and an increase in real incidents.

Greater security of the university perimeter has cooled hackers’ ardour for using tools to get into the corporate network. Thus, in June, the number of incidents related to port scanning decreased by half, and network attacks decreased fivefold.

At Kazan State University of Architecture and Engineering, 310 attempts to access the LSASS process memory with the threat of leaking sensitive data were recorded in May and June. This is one of the key factors showing increased hacker attention.


There is almost no such thing as accident-free infrastructure. The most important thing is that information security events posing a real threat to the digital stability of the university do not occur. According to statistics from the Centres of Higher Education Institutions protecting the infrastructure of the four universities in Tatarstan, no such critical incidents have been identified since the beginning of the summer.

Thanks to 24/7 event monitoring, the Cyber Threat Counteraction Centre sees almost everything that happens in the infrastructure, identifies any suspicious activity and responds to it promptly.

Every year, Russian universities face an increasing number of cyberattacks that start almost simultaneously with the online reception of documents. The solution to the problem turned out to be simple — to defend ourselves.

Nina Shipkova
