The hackers who tried to lay the network of Eindhoven University of Technology in January used accounts that had previously been hacked and whose login details on the Darkweb could be found. This is the conclusion of a study that cyber security company FOX-IT has commissioned the university.
It was previously known that these accounts were once hacked and the university had the account holders change their password. But the employees reused their old passwords and that was not automatically stopped.
In addition, the university had no multi-factor authentication on the log-in of the VPN system. This allows users to connect to the network outside the campus, for example at home. Introduction of this multi-factor authentication was planned for the first half of 2025, but had therefore not happened yet.
Hacker has been in network for days
The cyber attack was discovered on Saturday evening, January 11. According to the researchers, the attackers had succeeded in breaking in the network a few days before. On Monday, January 6, they connected to the VPN system for this tried to log in the hackers with three different accounts, an attempt of which succeeded.
The research shows that the university crawled through the eye of the needle. De Hacker managed to give himself far -reaching access to the network. This free the road to nosh around in the network and to look for interesting files. The person could have ‘taken’ the entire system. This means that it will be locked digitally and is only released when an amount of ransom is paid, a so -called ransomware-attack.
No ransom paid
In the end it didn’t happen, because TU Eindhoven took the network offline that same night. That is why lectures were deleted and exams were postponed. That happened when the hacker tried to eliminate the backups. Without backup, a digital hostage-taking is much more successful. Victims of ransomware often have two options: restore the backup, or pay ransom. That was therefore not paid either.
In the meantime the vulnerabilities in cyber security have been tackled, the university says. The university also says it will continue to invest in this. “It remains a weapon race in which you can never stand still,” concludes Vice -President Patrick Groothuis.
Who is behind the cyber attack remains unclear. It is probably a ransomware group that was after ransom.
