Critical gaps in Indian education sector’s digital defences: CyberPeace report

Mr. Jindal

With Indian educational institutions rapidly adopting new technology, they have become vulnerable to a wide range of cyberattacks due to critical gaps in countermeasures and lack of awareness, according to the latest report by non-profit CyberPeace Foundation.

The report titled ‘Exploring Cyber Threats and Digital Risks to Indian Educational Institutions’ was released at an event on Tuesday. A Cyber First Responder initiative focused on Cyber Resilience & AI Safety was also launched in collaboration with DELNET. Supported by Google.org, the initiative has been designed to equip stakeholders with the essential skills to combat growing cybersecurity threats.

“In a world of AI and rapid tech shifts, disruption should be our teacher, not our threat…we must invest in proactive policing that not only catches offenders but deters their very motive…,” said the chief guest at the event, Prof. G.S. Bajpai, Vice Chancellor at National Law University, Delhi, according to a press statement.

Impersonate faculty

Vineet Kumar, founder of CyberPeace, said, “This report is a wake-up call for educational institutions across the country. Digitisation without cybersecurity is like building a house without doors or locks. Once a threat actor gains access, they can impersonate faculty or administration, launch AI-based phishing campaigns with higher chances of success, produce deepfakes, steal sensitive research data, leak exam papers, and even sell credentials on the dark web. Also, multiple instances of misuse of AI have been observed.”

The research by USI-CyberPeace Centre of Excellence and Resecurity has identified social engineering (phishing and ransomware/malware) attacks, distributed denial of service (DDoS) attacks, cyber espionage, data theft, and snooping or sniffing as potential threats to the sector, which may also have national security implications.

In the pilot study, in collaboration with Autobot Infosec, a simulation of educational institutions’ networks was performed to gather intelligence. A widespread public network and threat intelligence sensors were deployed across the country, with the aim of capturing internet traffic and analysing real-time cyber attacks targeting specific locations or organisations.

During the exercise — from July 2023 to April 2024 — the network recorded 217,886 attack events originating from different IP addresses worldwide. “A pattern analysis of the attack shows that apart from India, most attacks originated from IP addresses in countries such as the USA, China, Germany, the Republic of Korea, Brazil, the Netherlands, Russia, France, Vietnam, Singapore, and Hong Kong,” said the report.

However, it clarified that attribution of cyberattacks was complex, as there might be cases where an actor operating from one country exploited the resources of another country to mask the real origin of the attack using proxy technology.

The study identified 8,337 unique usernames and 54,784 unique passwords used in brute force attacks.

Students vulnerable

The report referred to the findings of the Indian Computer Emergency Response Team (CERT-In) about a significant rise in cyberattacks in recent years and also referred to the cases reported in July 2023, in which school students across the country received calls and WhatsApp messages from Pakistani intelligence operatives posing as school teachers or an acquaintance and asking for one-time passwords to enable them to join WhatsApp groups. “The main targets…, according to a news article, were students residing in border regions where cross-border infiltration attempts are more common,” it said.

The report said in 2021, an unsecured server had put student data from e-portal Byju’s at risk. About two years later, a security researcher found a server-side misconfiguration with Byju’s which allegedly ended up exposing sensitive data of students.

In March 2023, the Cybercrime Wing in Chennai detained a suspect based on a complaint by the School Education Department alleging that personal details of school students were sold by an individual to third parties. Details of school students from 20 districts were allegedly sold, for which the accused received online payments.

Highlighting the financial aspect, the report said that as per an IBM Report in 2023, ransomware incidents in schools and higher education institutions globally — from 2018 to mid-September 2023 — led to the breach of over 6.7 million personal records, causing downtime costs of over $53 billion.

Low budgets

The report identified factors like low budgetary allocations, lack of technical expertise, training and awareness, outdated computing hardware and software, use of personal devices by students/staff, etc., as making the sector vulnerable.

It recommended various measures for the institutions and their staff and students, such as the use of virtual private networks and avoiding download of files and email attachments from unsolicited sources, besides vetting third party vendors.

Acknowledging that many important steps have been taken by government agencies in this regard, the report suggested additional measures. It said CERT-In needs to commission in-depth research and ensure implementation of its guidelines. The National Cyber Security Coordinator should create a separate structure for them, while the Cyber Swachhta Kendra can provide free tailored tools.

Published – August 13, 2025 01:30 am IST
