[BreachExchange] Student Loans Company hit by a million cyber attacks last year

Destry Winant destry at riskbasedsecurity.com
Wed Feb 6 08:57:17 EST 2019


https://www.itpro.co.uk/security/32902/student-loans-company-hit-by-a-million-cyber-attacks-last-year

The number of cyber attacks against the SLC has exploded from just
three attempts in 2015/16

The Student Loans Company (SLC) sustained nearly one million cyber
attacks in the last financial year, including one successful
'cryptojacking' malware attack.

The government-owned loans and grants body for universities and
colleges suffered an attempted 965,639 cyber attacks during 2017/18,
according to a Freedom of Information (FOI) request made by the
Parliament Street think tank.

This was in addition to 323 attempted malware attacks, and 235
malicious calls or emails during 2017/18, all of which were
unsuccessful.

The one successful cyber attack saw the domain slc.co.uk infected
with Monero cryptocurrency mining malware via a third-party plugin.

This was considered a third-party incident given the website is hosted
by a third-party supplier. SLC said the website only hosts
publicly-available material, so no customer data was involved.

Parliament Street asked the SLC for details surrounding attempted
cyber attacks during the last three financial years, broken down by
year, and the type of attack. The attacks were categorised by malware,
denial-of-service, malicious calls/emails and cyber attacks.

The figures also show the SLC has become a far more attractive target
for cyber criminals in a short space of time. In 2015/16, the
organisation sustained just three attempted cyber attacks, and only 95
the following year.

This is not a surprise considering the body holds a loan book worth
£117.8 billion, according to its 2017/18 annual report, and holds data
on 8.1 million registered customers, much of it highly sensitive and
financial in nature.

An SLC spokesperson lamented the soaring number of cyber attacks,
suggesting "they have become a part of life".

"Firstly we'd stress that malicious online activity affects every
organisation and individual," the spokesperson told IT Pro.

"It is also necessary to put in context that 99.9% of the 'attempts'
recorded in 17/18 present an extremely low level of threat. The
apparent increase in 17/18 figures is largely due to changes in the
way security incidents are recorded.

"It is also worth stressing that, while we remain permanently aware
and vigilant, every one of these attempts was detected and prevented
at an early stage, with no violation of systems or data security.

"Cyber security will always remain a top priority for SLC and we
continue to invest in the technical expertise and resources required
to keep information safe."

The number of attempted cyber attacks for 2017/18 is significantly
higher than usual, according to the SLC, because the figures recorded
contained the number of blocks at the security perimeter. Of the
near-million attempts, 127 were not blocked and were run as incidents,
with the only successful attack being the Monero 'cryptojacking'
infection.

"The sharp rise in cyber attacks is a trend we are seeing in all areas
of the public sector, particularly following the WannaCry attack on
the NHS in 2017," said Parliament Street CEO Patrick Sullivan.

"It's more important than ever that organisations such as the SLC
protect the confidential financial information they hold from
third-party attacks, by investing in encryption and cyber
initiatives."

Imperva's senior vice president Terry Ray added it was unsurprising
the SLC has found itself with a target on its back, given the sort of
data it handles.

"It's no surprise that cybercriminals are relentlessly targeting the
personal financial details of students, putting the wellbeing of tens
of thousands of individuals at risk," he said.

"Tackling this problem means investing heavily in the latest
cybersecurity measures, to keep hackers out and limit the risk of a
major data breach."

