On the road to a safe cyberworld
Every day, countless companies and organizations fall victim to cybercriminals. Their computer systems are attacked using destructive viruses, hacked via phishing and sometimes completely shut down as a result. According to estimates, cybercrime accounts for annual worldwide losses of EUR 500 billion. “And it’s only going to get worse,” says Michiel Borgers. “It’s war and we’re right in the middle of it.”
As Chief Information Officer at Maastricht University, Michiel Borgers is responsible for digitalization and all of the IT systems. There’s a reason he uses such strong terms when it comes to cybercrime. On December 23, 2019, he found himself in the middle of an outright nightmare: 267 servers containing all of the data and systems were locked down. It soon turned out that these were taken hostage by hackers.
“I knew right away something was terribly wrong,” he says now, looking back at the incident that occurred nearly a year and a half ago. “Everything went quiet. Students and teachers could no longer access the files they needed, the administrative system shut down, research data was inaccessible and giving classes was no longer possible. You know that IT is important, but it’s times like these that you realize that you are completely dependent on it. This doesn’t just apply to us, but to the entire world; hospitals, companies, logistics systems, transport, everything. We learned the hard way that we need to do a better job protecting these critical systems.”
The perpetrators were most likely Ukrainians living in Russia, and it didn’t take long for them to make their demands known. They demanded a ransom of nearly two hundred thousand Euros, paid in bitcoin, to release the servers. “Over my dead body, was my first thought. If we pay, it means we’re doing business with criminals and we’re talking about public funds. However, rebuilding everything myself would take about three months. The damage from that would far exceed two hundred thousand. So the Board of Governors decided to pay.”
Cards on the table
The initial reaction was to avoid widely publicizing the situation. “We quickly reversed course on this too. We decided to lay our cards on the table and warn other organizations, telling them how the criminals did it and where we failed. Painful? I don’t really think the shame is justified. Should someone be ashamed if their house gets broken into? You can prevent these crimes in the future by sharing information on them. And maybe even catch the perpetrators, although that’s hard to do when it comes to cybercrime. Leads about the hack seem to point to Russia, and criminals may find it easier to do as they please there. Cybercrime is part of a global digital war. Perhaps if we take a stand at the European level, we can achieve something.”
The Maastricht University systems were up and running again within four weeks. The UM received an award for its open communication, in part because other organizations were able to take measures as a result of the publicity. This was not the end of the matter, however. “No way,” Michiel Borgers continues. “This must never happen again; we were in complete agreement about that. First, we analyzed what went wrong. It started with an employee who clicked on a phishing message. That was in October 2019. The hackers had all the time they needed to do their work after that. They tracked down passwords and keys and appropriated login rights. They apparently had enough information by December, and the systems were down within an hour.”
So, all it takes to carry out an attack using ransom software is one wrong click? “No, and I don’t think that we should blame people who click a message like this. Phishing messages are starting to look deceptively real. As an organization, you have to make sure that a criminal breaking in doesn’t immediately spell disaster. You could compare it to a burglar in your house. If he forces the door, you shouldn’t keep your valuables, money and car keys on the hall table. Valuables, such as data and files in our case, need extra protection. And this can be done with all sorts of software, keys and security. This is all in order here now, of course.”
So, better security is crucial, but so is paying better attention. “Yes, if we had paid more attention to certain signs after that fatal mouse click, we could have prevented a lot of problems. These clues might include a slower computer, a virus scanner that drops out, software that is secretly installed or abnormally high data traffic. IT specialists can pick up on these kinds of signs. We quickly set up a Security Operation Center that monitors all traffic, day and night. Every abnormality is investigated. Rapid response is crucial. And believe me, this is necessary; we face attacks and attempts every single day. So far, we’ve managed to keep everything at bay. Does this mean we’re safe? You can never say this with 100% certainty.”
UM has invested considerable amounts of money in software, equipment and manpower to keep criminals out. In Michiel Borgers’ view, “home security” is not enough to win the war. “We need to work together, warn each other and share information. After the hack, collaboration in Dutch higher education really got off to a good start. But cybercrime doesn’t care about borders. If we’re safe, the criminals will just find other victims. Companies, hospitals, power plants, you name it. Worldwide. If we all work together, across borders, hopefully we’ll be ready for battle. In that sense, I really see a great opportunity for Brightlands Smart Services Campus in Heerlen to play an important role as a cybercrime prevention center.”
Source: Brightlands newsletter
Cybercrime is part of a global digital war. Perhaps if we take a stand at the European level, we can achieve something.