The University of Hertfordshire has been hit by a critical cyberattack resulting in online classes being shut down.
The university released a statement on Wednesday evening (14th April) that an attack by cybercriminals had resulted in all its online services and systems being taken offline.
“Shortly before 22:00 last night, the university experienced a cyber-attack which has impacted all of our systems, including those in the Cloud such as Canvas, MS Teams and Zoom,” the statement read.
“Please be reassured that our IT colleagues are working hard to rectify the situation as soon as possible.
“However, as a result, all online teaching will be cancelled today (Thursday, April 15), and we understand that this may impact students being able to submit assignments. We want to reassure our students that no-one will be disadvantaged as a consequence of this.
“Any in-person, on-campus teaching may still continue today, if computer access is not required, but students will have no onsite or remote access to computer facilities in the LRCs, labs or the University Wi-Fi.
“We apologise for the inconvenience this situation has caused and will continue to keep you updated. You can check the status of all our systems by visiting status.herts.ac.uk.”
The University of Hertfordshire is another name added to a growing list of universities, schools and academies that have recently been hit by cybercriminal activity. In 2021 alone, the University of Lancaster and the University of Northampton were both in the news after two separate attacks by hackers caused major disruptions to IT systems and telephone services.
Just last month, almost 40,000 pupils were impacted by a large-scale cyberattack against a UK school federation that operates 50 primary and secondary academies.
It seems as though the education sector has been coming under fire from malicious actors in recent times, with the NCSC having reported that since late February there has been an increased number of ransomware attacks on educational institutions in the UK.
The University of Hertfordshire is yet to disclose how the attack happened.
Offering advice and insight are the following cybersecurity experts:
Mitch Mellard, Principal Threat Intelligence Analyst at Talion adds:
“Attacks against the education sector, and universities in particular, have been steadily increasing over the past year. After the catastrophic Blackbaud breach, which was extremely far reaching because of the number of institutions using the platform, ransomware attacks in particular have plagued higher learning.”
Trevor Morgan, Product Manager at comforte AG states:
“Because the chances of universities and data-intensive enterprises being breached are higher than ever before, these institutes should rethink their current data security posture before threat actors target their organisations in turn. If you’re an educational institute, the most important thing to do is to protect your students’ and employees’ data, as well as your precious and highly valuable research, rather than the borders around that information.”
Dean Ferrando, Systems Engineering Manager (EMEA) at Tripwire said:
“This attack and the recent one against the University of Northampton clearly show how universities and other educational institutions have become appealing targets for cyber criminals. By getting the basics right, universities and other higher education institutions will be making it harder and costlier for attackers to be effective with their threats. Most times, a hacker’s function is to cause as much disruption as possible, so finding and patching known vulnerabilities, making sure critical systems are securely configured and monitoring your systems for abnormal changes, can go a long way to increasing your barrier of defence, especially as the threat of an attack from nation-states increases.”
Andy Norton, European cyber risk officer at Armis commented:
“There isn’t a single UK education establishment that knows with any level of confidence what devices are on its networks. How do you expect to secure the organisation when you don’t know what it is you have to secure in the first place? This lack of knowledge about what systems are actually doing in your network makes back-up and recovery processes more prone to failure, and when that happens there is more likelihood of paying a ransom, and that explains why the Education sector is a target for cyber criminals.”
Niamh Muldoon, global data protection officer at OneLogin says:
“The greater utilisation of cloud technologies and the growth in cybercrime has made academic institutions a prime target for cybercriminals, which has been demonstrated throughout 2021. The fundamental security requirement for the educational sector is to understand who and what is trying to access university technology environments and data stored within.
Understanding student data is subject to both regulatory and compliance requirements. We are seeing an increase in universities reaching out to us as industry experts to partner with us on identity and access management.”
Jamie Akhtar, CEO & Co-Founder of CyberSmart (cybersmart.co.uk) said:
“In May 2020, Microsoft Security Intelligence found that 61 percent of nearly 7.7 million enterprise malware encounters came from those in the education sector, making it the most affected industry for cyber attack.
It’s no surprise that the UK government made Cyber Essentials, its security certification scheme that covers the fundamentals of cyber hygiene, a requirement for educational institutions working with the Education and Skills Funding Agency. Following the fundamental rules of cyber hygiene like strong password protection, up-to-date software, and enabled firewalls can go a long way in preventing incidents like these.”
Burak Agca, security engineer at Lookout states:
“Threat actors are continuing to focus on Universities, schools, and the wider education industry, including public and private sector institutions across the UK. Just recently, the University of Lancashire and the University of Northampton were both reportedly hit by an attack that resulted in IT systems being shut down.
While the cause of the cyberattack is yet to be disclosed, both staff and pupils must remain on high alert for common threats like phishing. On modern devices like smartphones, tablets, and laptops, phishing presents an entirely different challenge from phishing on traditional endpoints. We’ve even seen a 37% increase in the rate at which users on mobile faced phishing attacks, due mainly to the pandemic. Threat actors have more ways of hiding the true intent of a phishing attack on mobile, and for that reason use it as the primary way to kick off bigger infrastructure attacks.”
Brian Higgins, Security Specialist at Comparitech (comparitech.com) adds:
“Criminals use fear, uncertainty and doubt (FUD) to manipulate their victims into paying ransoms and/or giving up personal information that can be used or sold to make money. When a sector or community is so obviously under pressure this can only help attackers to leverage capitulation far more effectively as the victims are already in difficult circumstances.
The fact that Hertfordshire have students resident on campus and dependent on their network for domestic internet access as well as academic will only add to the pressure to resolve the situation.
One can only hope that Hertfordshire have an appropriate Incident Response Plan in place to mitigate this attack and restore their networks safely and securely.”
Chris Hauk, consumer privacy champion at Pixel Privacy (pixelprivacy.com) advises:
“Universities and other educational institutions should take steps to prevent attacks like this on their networks. They should make sure all systems have been updated to the latest versions if possible. They should also engage in user education, both for students and faculty, to educate users as to the risks of opening unsolicited links or attachments in emails and text messages. Users should also never share personal information, particularly university network login information.”
Martin Jartelius, CSO at Outpost24 has added the following insight:
“Generally, ‘Zoom’ and ‘365 services’ do not go down as a result of an attack against an organization’s IT environment as such; those environments are of course up, but users are unable to log in. The most likely conclusion to draw is that the identity provider that allows authentication against all those systems, and the Wi-Fi, and so on, seems affected. This would with high probability indicate the domain controller. Regardless of whether this is ransomware or something else, recovery is most likely going to be a substantial effort, provided those assumptions are true. Let’s hope the organization have sufficient backups and retention routines to recover, and that their current containment efforts are sufficient.”