Munster Technological University hackers will cut their losses and walk away - cyber expert

Director of National Cyber Security Centre warns those whose data may have been affected to take precautions against online phishing attempts

The director of the National Cyber Security Centre, Richard Browne, has confirmed that a substantial amount of data has been leaked from Munster Technological University following a recent cyber attack.

Mr Browne told RTÉ radio’s Morning Ireland that efforts will now be made to sift through what information has been released so that the proper processes can then be pursued by the DPP.

A court order was sought last week prohibiting the sharing and release of the material in Ireland, but Mr Browne said that it is not known yet exactly what material is involved.

He warned that those whose personal data may be affected should take precautions.

READ MORE

“Every now and then people’s personal information is used for fraud, it’s used for financial crime, it’s used for whatever it might be. So the obvious things apply,” he said. “People should keep an eye on their financial details. They should be careful, particularly of any phishing emails or any scams as they would in any case, but particularly in this case.”

Mr Browne said that very often the information that is held in universities and other institutions is not particularly damaging. “It might be your name and your address, but that kind of information is readily obtainable online in lots of cases anyway.”

It was important that people do not download, share or reshare information that was stolen, he said. “The attackers have done what they’re going to do. This is an extremely prolific group and their leak site has over 250 victims.

“This group has only been active for less than two years. This gives you an idea of the scale of operation you’re dealing with here. They will just dump this debt and walk away from them, this attack is over. They’ve lost essentially.

The High Court was told last week that the cyberattack on MTU’s IT system is believed to have been carried out by individuals in a ransomware group known as ALPHV aka BlackCat or Noberus, based in Russia or the former Soviet Union.

“They have spent their money and have got nothing back from it. They’re done. And the question for us now is how do we limit the damage of that data being out there in the world?

Mr Browne said that the majority of such attacks were preventable, but that cyber crime groups like BlackCat use a variety of tools to break into systems. “They use vulnerabilities. So for larger organisations, they need to be very much on top of their patching and their vulnerability management, because sooner or later, the gaze of a group like BlackCat will turn to you and it’ll just be your turn.

“Managing vulnerabilities is a huge challenge and we can do an awful lot at national level to help with that. And we do a lot of work already and we have legislation and further measures coming in the context of the mid-term review of the National Cyber Security Strategy, which will help with that as well.

“There are things individual organisations can do, there are things individuals can do, and there’s things we can do at a national level to help this process as well. This is about the world as a whole dealing with it.

“Working together across governments, particularly chasing down the money, is a really, really valuable tool.”

MTU campuses closed for two days last week, and are due to reopen again on Monday morning.

Vivienne Clarke

Vivienne Clarke is a reporter