DDoS attacks against university campuses are more likely in term time.
Nation-states and criminal gangs often get the blame for cyber attacks against universities, but a new analysis of campaigns against the education sector suggests that students — or even staff — could be perpetrators of many of these attacks.
Attributing cyber attacks is often a difficult task but Jisc, a not-for-profit digital support service for higher education, examined hundreds of DDoS attacks against universities and has come to the conclusion that “clear patterns” show these incidents take place during term-time and during the working day — and dramatically drop when students are on holiday.
“This pattern could indicate that attackers are students or staff, or others familiar with the academic cycle. Or perhaps the bad guys simply take holidays at the same time as the education sector,” said John Chapman, head of security operations at Jisc.
While the research paper notes that in many cases the reasons behind these DDoS campaigns can only be speculated about, just for fun, for the kudos and to settle grudges are cited as potential reasons.
In one case, a DDoS attack against a university network which took place across four nights in a row was found to be specifically targeting halls of residence. In this instance, the attacker was launching an attack in order to disadvantage a rival in online games.
The research notes that attacks against universities usually drop off during the summer — when students and staff are away — but that the dip for 2018 started earlier than it did in 2017.
“The heat wave weather this year could have been a factor, but it’s more likely due to international law enforcement activity — Operation Power Off took down a ‘stresser’ website at the end of April,” said Chapman.
The joint operation by law enforcement agencies around the world took down ‘Webstresser’, a DDoS for hire service which illegally sold kits for overwhelming networks and was, at the time, the world’s largest player in this space. This seemingly led to a downturn in DDoS attacks against universities.
But universities ignore more advanced threats “at their peril” said Chapman. “It’s likely that some of these more sophisticated attacks are designed to steal intellectual property, targeting sensitive and valuable information held at universities and research centres.”
Despite this, a recent survey by Jisc found that educational establishments weren’t taking cyber attacks seriously, as they weren’t considered a priority issue by many.
“When it comes to cyber security, complacency is dangerous. We do everything we can to help keep our members’ safe, but there’s no such thing as a 100% secure network,” said Chapman.