"Security is not a product, but a process." (Bruce Schneier)

IT security is not a state, but a continuous process. It is the totality of all measures to ensure the security of our data and information as well as the correct functioning of all devices that process information and data.

A large number of educational institutions have been victims of attacks in recent years:

• UniBw (2025): https: //www.heise.de/news/Cyberattacke-auf-die-Universitaet-der-Bundeswehr-Muenchen-10281927.html
• TU Bergakademie Freiberg (2023): https: //www.freiepresse.de/mittelsachsen/freiberg/nach-cyberangriff-tu-bergakademie-freiberg-schottet-sich-vom-internet-ab-artikel12666246?ref=share_link#google_vignette
• GWDG (2023): https: //docs.gwdg.de/doku.php?id=de:current:incident
• Düsseldorf University Hospital (2020): https: //www.uniklinik-duesseldorf.de/ueber-uns/pressemitteilungen/detail/it-ausfall-an-der-uniklinik-duesseldorf
• University of Giessen (2019): https://www.zeit.de/campus/2019-12/cyberangriff-giessen-justus-liebig-universitaet-internet-offline/komplettansicht

The effects of IT security incidents are manifold:

• Disclosure of sensitive information
  • Contents of email inboxes, address books, personal contacts
  • Personal data on exams and grades
• Violations of the GDPR or export control regulations (dual-use, ITAR, etc.)
  • Scientific user data (e.g. highly important articles that are about to be published)
• Loss of data
  • Either through deletion or through permanent and unrecoverable encryption by attackers
• Use of stolen access data for other services and interfaces
  • Starting from email inboxes, unauthorised persons can also gain access to UOL cloud storage, Git repositories or login data for the UOL VPN, for example.
• Possibilities for the targeted implementation of "backdoors" and for further attacks
  • Sending phishing emails or similar to a target mailbox in order to permanently control it
  • Personalised attacks on other ICBM/UOL employees, as emails from ...@uol.de generally enjoy a special position of trust within the UOL and are not classified as spam or junk and are therefore not filtered out
• Damage to the reputation of ICBM or UOL as a whole
  • External complaints
  • Endangering third parties, as emails are sent via compromised UOL mailboxes.
• Inclusion of UOL in the block list by partners, clients and customers
  • Sending phishing and spam emails via compromised accounts results in the ICBM or UOL being placed on the blacklist, which significantly impairs email reception for third parties. This can also happen through automated processes.
  • This limits our ability to communicate externally. Potential example: The University of Bremen no longer accepts emails from UOL addresses or similar addresses.
• Physical damage
  • Attackers could gain control of laboratory equipment or parts of the infrastructure
  • This control could be used to cause damage to the compromised systems themselves, to other systems or even to people.