Incident Response, Malware, TDR

Study: Most higher ed malware infections attributed to ‘Flashback’

A security ratings firm found that Flashback – a trojan noted for infecting hundreds of thousands of Mac machines – was the most prevalent malware impacting institutions of higher education.

On Thursday, BitSight Technologies released its first report focusing on education sector performance and highlighted the incidence of malware targeting Apple users.

The company grouped its findings on schools according to athletic conferences the institutions were a part of – the Big 12, Ivy League, SEC, Pac-12, Big 10 and ACC. All of the schools were large to medium-sized universities with student populations of more than 2.25 million people and a network footprint of more than 11 million IP addresses, the study said.

BitSight aggregated public information on the colleges, observing security events and configuration data between July 2013 and June 2014.

Flashback infections were detected in each of the school groupings, but were most prevalent among colleges competing in the Ivy League conference (including Harvard, Yale and Princeton), where the malware accounted for nearly 33 percent of infections on school networks. Following closely, were schools competing in SEC conferences (such as Vanderbilt and Louisiana State University), where 26.7 percent of malware infections were attributed to Flashback. At Pac-12 schools (including UCLA and Stanford), the trojan caused 18 percent of infections, the report found.

Flashback was discovered in 2011 and, by 2012, had ensnared up to 650,000 users in a botnet. The trojan is capable of a number of malevolent actions, including stealing data, hijacking search results and installing additional malware. Apple quickly took measures to eliminate the threat, such as releasing two updates for Mac OS X to correct the vulnerability that was enabling Flashback to spread, but as recently as January, researchers detected that the malware was still active and infecting computers.

“In our previous analysis of different industries, from retail to finance, we have never encountered such a high number of Flashback events,” the BitSight report said. The firm said that the incidence of infections could be attributed to the fact that “Mac computers are ubiquitous on college campuses,” as well as students who may fail to implement security updates for their computers in a timely manner.

On Thursday, Stephen Boyer, founder and CTO of BitSight Technologies, told in an interview that higher education institutions often become easy targets for malware attackers because “student populations don't necessarily have a central security management [system],” like in corporate environments.

“It's a potential danger to the students' [data], and then also intellectual property on machines that may contain research,” Boyer said.

The report did show, however, that schools with the highest security ratings had a CISO or director of information security on staff, he added.

“Even though education as an entire sector isn't doing well, there are patterns among [schools] that are doing well,” Boyer said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.