Educational Institutions Websites Found Vulnerable to Multiple Threats

As the world went digital following the lockdowns due to the COVID-19 pandemic, educational institutions also switched to online teaching methods. This made it even more important for the institutions to take care of the cybersecurity status of their online portals and websites. However, latest research has found websites of numerous educational institutions vulnerable to cyberthreats.

Educational Institutions Websites Vulnerable

According to recent research by MacKeeper, a technology firm focused on securing and empowering Mac, reveals how multiple security flaws make the websites of numerous educational institutions vulnerable to cyber attacks.

As elaborated, they assessed 89 different educational websites (with .edu domains) for their security status. Consequently, they found 293 vulnerabilities posing a threat to these websites. Further analysis made them group these vulnerabilities into five different categories. These include content spoofing, subdomain hijacking, malicious redirections, and unrestricted file uploads.

Exploiting these vulnerabilities can lead to various dangerous consequences. These include anything from simple website defacement to remote code execution, website takeovers, and a compromise of the infrastructure.

A quick overview of the bugs and the subsequent impact

Specifically, they found a majority of these issues existing due to vulnerable and outdated WordPress CMS. Such bugs included 138 vulnerabilities, followed by 67 content spoofing issues; 59 bugs allowing URL redirection to untrusted sites related to awkward subjects; 25 flaws allowing unrestricted file uploads, and 4 issues due to insufficient security controls at subdomain levels.

While vulnerable CMS potentially affects the specific website only, the other flaws may have a long-term impact on the business reputation as well as the customers.

For instance, MacKeeper observed that exploiting content spoofing flaws allow an adversary to meddle with the website’s content by injecting malicious code. This might also affect the website’s ranking with Google SERPs. Such vulnerabilities also allow stealing users’ credentials.

Similarly, malicious redirect issues posed a significant threat to site visitors. Researchers observed that most untrusted redirections from these educational websites lead to “prohibited content and questionable businesses”. Some of these redirections promoted online gambling sites, custom essay writing services and adult websites.

Likewise, by exploiting file upload vulnerabilities, an adversary can possibly send malicious executables to the website server. This will allow the attacker to move laterally on the shared IT infrastructure.

Prevention Is Better Than Cure

The vulnerabilities pose a serious threat to the security of numerous educational websites. However, as the report indicates, most of these issues exist due to a lack of attention from these educational institutions with regard to their websites’ security.

For instance, a majority of issues that exist due to outdated WordPress CMS simply require the site owners to keep their CMS up to date. All subsequent bug fixes will automatically be implemented with this single action of updating.

As the report states,

Sadly, the cause of many vulnerabilities usually lies in the indifference shown to the common security requirements of a modern website. Fortunately, though, they can all be prevented.

Therefore, what educational institutions need to do is to focus on improving their website and overall IT infrastructure. They should invest more towards cybersecurity and ask their IT personnel to implement all measures necessary to prevent such minor issues as the ones referred to in this report.

With a little vigilance in prevention, these institutions can successfully avoid falling a victim to devastating cyber-attacks.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients