Over the past several months, Microsoft"s digital security teams have issued alerts and reports on how cybercriminals are trying to influence the upcoming 2024 US presidential election. However, that"s not the only cyberattacks that Microsoft is trying to fight against.
In a new report issued this week, Microsoft went over the threats of cybercriminals going after both lower and higher education industry targets. Indeed, the report says that industry was the third biggest target for cyberattacks in the second quarter of 2024 and that the United States was the country that had the biggest threats in that area.
One of the more interesting statistics in this report was that every day, according to data from Microsoft Defender for Office 365, over 15,000 messages with malicious QR codes are sent to educational targets. Those QR codes could download malware, generate spam emails, or engage in phishing activities if a user tries to use one.
Microsoft stated:
Legitimate software tools can be used to quickly generate QR codes with embedded links to be sent in email or posted physically as part of a cyberattack. And those images are hard for traditional email security solutions to scan, making it even more important for faculty and students to use devices and browsers with modern web defenses.
Microsoft says that in the past year, it has made efforts to disrupt QR code-based phishing attacks, cutting them down from three million in December 2023 to just 179,000 in March 2024.
This same report says that nation-state actors are going after universities more and more. That"s because these institutions have high-level research and experts in a variety of fields. Many of them also work with the US government on joint projects. These state actors may find it easier to target a university with ties to the government or the military rather than a more direct attack on these more secure sources.
Microsoft says some educational institutions, such as Oregon State University and the Arizona Department of Education, have taken extra steps to secure them from cyber attackers. Arizona"s schools, for example, block all traffic from outside the US from its local data center, along with its Microsoft 365 and Azure online services.