UK tertiary education institutions and research centres will soon get an extra layer of cyber-protection against ransomware attacks, says Jisc, which runs the UK’s computer network for the research and education sectors, Janet.
At least half of major ransomware incidents experienced by the sector since August 2020, Jisc says, have been caused by attackers exploiting the Remote Desktop Protocol (RDP), a common way for users to access their computers or servers remotely from another device. After consulting the sector during summer 2021, Jisc will automatically block access from outside the UK to RDP (port 3389) from March 28, 2023. Only inbound traffic from known UK IP addresses will be allowed to proceed to port 3389. Existing restrictions will shift from an opt-in control to being on by default.
This follows updates to the policies that guide the use of Janet, to which all UK colleges, universities and research centres are connected.
Jisc’s director of information security policy and governance, Dr John Chapman, says: “The use of ransomware against our sector and globally has ramped up over the past couple of years and some attacks against colleges and universities have been devastating. Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cyber-security incident.
“Controlling access to a known attack vector will help protect the sector as a whole against this type of attack.”
In a recent speech on ‘defending democracy’, the Home Office minister Tom Tugendhat referenced ‘foreign interference in public office, political parties and universities’. In 2018, the UK Government complained that the Mabna Institute, based in Iran, ‘was responsible for a hacking campaign targeting universities’ worldwide.
About Remote Desktop Protocol (RDP)
RDP is a means for users to connect to servers, collaborate with other employees or students, and remotely access desktops as they would if they were in their office or on campus. It is typically less secure than connecting via on-site computers because access usually relies on a username and password with no other authentication controls. This makes users vulnerable to malicious actors who use phishing or social engineering to obtain login details and so gain access to organisations’ internal systems.