Cryptomining attack prompts password changes at Massey University


A cryptomining attempt was made on a computer at Massey University.

David Unwin/Stuff

A cryptomining attempt was made on a computer at Massey University.

Staff and students have been asked to update their passwords after Massey University was targeted by a cryptomining attack.

Massey was on Friday struck by a cryptomining attempt on one of its computers, but the university responded immediately.

Cryptomining is an attempt by a third party to harness the computing power of another organisation in mining for a cryptocurrency. It is not directed at personal data.

The university’s chief information officer Richard Williams said staff and students were asked to change their passwords as a precaution.

* Waikato organisations on alert for coronavirus
* Part nurse, part doctor – nurse practitioners could help solve health problems, says nursing leader
* ‘Broken’ healthcare staff concerned about rise of bullying cases at DHBs

It was an isolated incident and Massey’s core systems were not affected.

“We have no evidence of other malicious or unexpected behaviour on our systems, but in accordance with best practice we are asking all students and staff to reset their passwords as soon as possible.”

The university always has monitoring in place.

Massey staff were busy this week working to help students change passwords.

“The university has engaged an external specialist incident response team to assist in managing this attempt.”

A statement, which the university would only attribute to an unnamed spokesperson, said Massey followed globally recognised best practice to protect its IT systems.

“Like all large organisations, the university’s technology infrastructure is regularly targeted,” the statement said.

“We have not had an external compromise in over five years.”

Massey has thousands of students and staff, but the university has a range of security defences to protect its people and information from unauthorised access, modification or destruction.

“We have implemented a range of controls to ensure security against threatening cyber behaviour. This includes password security, multi-factor authentication and risk assessments for new services.

“We have an information-security policy which is supported by a number of other more specific policies, like our password policy.

“These arrangements are reinforced by security training and awareness.”

The cryptomining attempt follows a cyberattack on the Waikato District Health Board last month, which left the health board without access to IT systems and some patient details were sent to media.


Leave a Reply

Your email address will not be published. Required fields are marked *