Global Cyberattacks on Education Sector Surge 63% in 2024–2025
Schools and universities worldwide faced a sharp rise in cyber threats between November 2024 and October 2025, with recorded incidents jumping 63% from 260 to 425 according to Quorum Cyber’s 2026 Global Cyber Risk Outlook for Higher Education. The report, based on FalconFeeds.io threat intelligence data spanning 67 countries, highlights a surge in data breaches (+73%), hacktivist activity (+75%), and ransomware attacks (+21%).
Universities emerged as prime targets, facing nation-state espionage campaigns aimed at stealing high-value research in AI, quantum computing, and advanced materials. Iranian threat actors intensified hacktivist operations, deploying DDoS attacks, website defacements, and data leaks. Financially motivated ransomware groups including FunkSec (23% of attacks), Cl0p, INC, and Nova (each 10%) remained persistent threats, alongside infostealer malware.
The sector’s open, collaborative nature complicates defense efforts, as noted by Ambrose Neville, head of information security at Queen Mary University of London. Attacks increasingly disrupt teaching, research, and daily operations, prompting institutions to prioritize resilience through early threat detection and rapid response.
Quorum Cyber’s recommendations for mitigation include intelligence-led vulnerability management, dark web monitoring, robust offline backups, and regular incident response drills. Additional measures emphasize password security, social engineering policies, and phishing-resistant multi-factor authentication.
Source: https://www.infosecurity-magazine.com/news/cyberattacks-surge-63-annually/
QUT (Queensland University of Technology) cybersecurity rating report: https://www.rankiteo.com/company/queensland-university-of-technology
"id": "QUE1776954718",
"linkid": "queensland-university-of-technology",
"type": "Cyber Attack",
"date": "11/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'education',
'location': 'global (67 countries)',
'type': 'university'},
{'industry': 'education',
'location': 'global (67 countries)',
'type': 'school'}],
'attack_vector': ['malware',
'infostealer',
'phishing',
'website defacement',
'DDoS'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['research data (AI, quantum '
'computing, advanced materials)',
'personally identifiable '
'information']},
'date_detected': '2024-11-01',
'date_publicly_disclosed': '2026',
'description': 'Schools and universities worldwide faced a sharp rise in '
'cyber threats between November 2024 and October 2025, with '
'recorded incidents jumping 63% from 260 to 425. The report '
'highlights a surge in data breaches (+73%), hacktivist '
'activity (+75%), and ransomware attacks (+21%). Universities '
'emerged as prime targets for nation-state espionage '
'campaigns, hacktivist operations, and financially motivated '
'ransomware groups.',
'impact': {'data_compromised': True,
'operational_impact': 'Disruption of teaching, research, and daily '
'operations',
'systems_affected': ['teaching systems',
'research systems',
'operational systems']},
'initial_access_broker': {'high_value_targets': ['AI research',
'quantum computing research',
'advanced materials '
'research']},
'lessons_learned': 'The sector’s open, collaborative nature complicates '
'defense efforts. Early threat detection and rapid '
'response are critical for resilience.',
'motivation': ['financial gain', 'espionage', 'hacktivism'],
'post_incident_analysis': {'corrective_actions': ['Early threat detection',
'Rapid response strategies',
'Enhanced monitoring',
'Regular drills'],
'root_causes': 'Open, collaborative nature of the '
'education sector; lack of robust '
'cybersecurity measures'},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': ['FunkSec', 'Cl0p', 'INC', 'Nova']},
'recommendations': ['intelligence-led vulnerability management',
'dark web monitoring',
'robust offline backups',
'regular incident response drills',
'password security',
'social engineering policies',
'phishing-resistant multi-factor authentication'],
'references': [{'source': 'Quorum Cyber’s 2026 Global Cyber Risk Outlook for '
'Higher Education'},
{'source': 'FalconFeeds.io threat intelligence data'}],
'response': {'enhanced_monitoring': 'intelligence-led vulnerability '
'management, dark web monitoring'},
'threat_actor': ['Iranian threat actors',
'FunkSec',
'Cl0p',
'INC',
'Nova',
'nation-state actors'],
'title': 'Global Cyberattacks on Education Sector Surge 63% in 2024–2025',
'type': ['data_breach', 'ransomware', 'DDoS', 'hacktivism', 'espionage']}