A new Microsoft Threat Intelligence report out today highlights the growing cybersecurity challenges facing educational institutions and the growing number of threat actors targeting them.

The report, based on telemetry data from Microsoft Defender for Office 365 and 78 trillion daily security signals processed by Microsoft across various platforms, found that educational institutions face an alarming average of 2,507 cyberattack attempts each per week. The number places education as the third most-targeted industry in the second quarter of this year.

According to the report, education institutions across the U.S. and globally are vulnerable to a variety of threats, including phishing campaigns, internet of things vulnerabilities and nation-state attacks. One particular trend noted in the report is a surprising rise in malicious QR code messages, with Microsoft finding more than 15,000 malicious QR code messages sent daily to the education sector via Microsoft Office 365.

Higher education institutions, such as universities and colleges, were found to be of particular interest to attackers seeking to steal intellectual property and gain access to sensitive research. Nation-state actors, including those linked to Iran and North Korea, were noted as leveraging social engineering tactics and sophisticated malware to breach university systems.

Perhaps unsurprisingly, among the targets in higher education institutes is artificial intelligence research and development. Universities often house cutting-edge AI projects, many of which are tied to government, defense or private-sector partnerships. That makes them high-value targets for nation-state actors and cybercriminals alike seeking to steal IP or gain unauthorized access to sensitive data.

The report also notes that the collaborative nature of university environments makes them particularly vulnerable, as professors, researchers and students share information openly, sometimes without fully scrutinizing the sources. Attackers can use compromised accounts to pivot toward more valuable targets, leveraging access gained from academic institutions to infiltrate government or defense-related entities. The blending of research and real-world application makes AI a high-stakes target for espionage and cybercrime in higher education.

To counter the growing threats, Microsoft recommends that education institutions prioritize security hygiene, deploy multifactor authentication and improve endpoint security, particularly on personal devices. The report also emphasizes the need for increased vigilance and cybersecurity awareness in an industry where valuable research, personal data and sensitive information are at constant risk.

Image: SiliconANGLE/Ideogram