New cyber threat alert for higher education sector

padlock graphic

The Tertiary Education Quality and Standards Agency (TEQSA) has alerted all Australian higher education institutions to an emerging cyber security risk.

TEQSA Chief Executive Officer Alistair Maclean said researchers from the United States have provided evidence to TEQSA of instances where Australian higher education websites on the ‘edu.au’ domain appear to have been compromised by companies working on behalf of commercial cheating service operators.
 
“Cyber security breaches on the ‘edu.au’ domain present a risk to student interests and the reputation of Australia’s higher education sector,” Mr Maclean said.
 
“The researchers who informed TEQSA have identified four key types of malicious code in their scan of the ‘edu.au’ domain that serve to redirect students to an illegal cheating service site.”
 
The type of malicious code identified by the researchers included: 

  1. Search query redirect – code inserted into a provider’s website to redirect students to a cheating service website from specific URLs.
  2. Content injection – embedding a link to a commercial cheating service website within a provider’s website.
  3. Comment injection – comments inserted to propagate or provide links to commercial cheating services in discussion forums (especially in WordPress).
  4. Compromised recomposition – fake scholarship/essay contests inserted into provider websites, designed to harvest original student work that the commercial cheating services then on-sell.

Mr Maclean said TEQSA had written to all registered higher education providers outlining actions they should take to protect their websites against this emerging integrity risk, and published advice for students.
 
“Academic integrity and cyber security are two areas of focus for TEQSA’s Higher Education Integrity Unit,” Mr Maclean said.
 
“We know higher education providers also take these matters seriously – and we greatly appreciate the ongoing collaboration and partnership from across the sector in responding to these risks.”
 
The 
Australian Cyber Security Centre also has information on recommended mitigation strategies for Australian organisations, including a resource aimed at assessing security vulnerabilities and applying patches.

Comments