The University of Hertfordshire has become the most recent victim of a spate of digital assaults against academic institutions after a significant incident knocked all its systems offline. The assault on its network is perceived to have started before 10pm on Wednesday 14 April, and the university’s IT teams are right now attempting to restore services.
The university Wi-Fi network was taken down along with the email system and the university’s student portal. Since the assault students have additionally reported that they have not been able to access Office 365 services, such as Teams, just as other universities paid for services such as Canvas and Zoom.
In a statement, the university said: “As a result, all online teaching will be canceled today (Thursday 15 April), and we understand that this may impact students being able to submit assignments. We want to reassure our students that no one will be disadvantaged as a consequence of this.”
“Any in-person, on-campus teaching may still continue today, if computer access is not required, but students will have no on-site or remote access to computer facilities in the LRCs [learning resource centres], labs or the university Wi-Fi. We apologize for the inconvenience this situation has caused and will continue to keep you updated,” they added.
The UK's National Cyber Security Center has been cautioning for quite a while of increased targeting of academic institutions – both schools and universities – especially from ransomware groups, and recently updated its own guidance on the subject to mirror the current high assault volumes.
Educational bodies are considered easy targets by cybercriminals since they regularly come up short on the resources to secure their information satisfactorily, hold a lot of personal information, and may come under more public pressure to pay a ransom.
Jérôme Robert, director at Alsid, said universities are starting to become aware that they are prime targets. “The sheer size of the student and faculty at a university – in Hertfordshire’s case nearly 28,000 people – makes it incredibly difficult to secure and manage the IT estate,” he said.
“Think of the huge volume of new joiners and leavers each year at universities. IT teams somehow have to manage that process of creating, deleting, and managing all those accounts. It’s a never-ending operation to keep all of that neat and tidy, and any oversights, such as old accounts not being closed down, present risk. On top of this, higher education is currently at heightened risk because of the increase of network activity and general complexity of enabling hybrid learning.” Robert added.