Most Universities at Risk of DDoS Attacks
The recent distributed denial of service (DDoS) attack on the online services of the Scotland-based University of Edinburgh adds to the growing list of universities hit by DDoS attacks.
Last September 10th, the University of Edinburgh’s online services, including wireless services, websites and many online student services, were disrupted for several hours as a result of a DDoS attack. The attack took place during the university’s busy “Welcome Week” period.
“I apologise for the disruption to this service, particularly during the busy Welcome Week period,” Gavin Ian McLachlan, Chief Information Officer at the University of Edinburgh, said in a statement. “I realise how frustrating this must have been.”
DDoS Attacks on Colleges and Universities: Who, When and Why
A recent study conducted by Jisc provides a picture of who may be launching these DDoS attacks, on UK colleges and universities in particular, based on the specific times at which the attacks were launched.
Jisc is a UK not-for-profit company that offers internet service via the Janet Network to the UK research and education community, including the University of Edinburgh.
Jisc said, “there is evidence both circumstantial and from the justice system to suggest that students and staff may well be responsible for many of the DDoS attacks we see on the Janet Network.”
The Jisc study found that DDoS attacks on colleges and universities usually took place during the school period and decreased dramatically during holiday times, such as summer breaks, Christmas, Easter and May half term breaks.
“This pattern could indicate that attackers are students or staff, or others familiar with the academic cycle,” Jisc said. “Or perhaps the bad guys simply take holidays at the same time as the education sector. Whichever the case, there’s no point sending a DDoS attack to an organization if there’s no one there to suffer the consequences.”
Several students have been prosecuted in the past for attacking their colleges or universities. Adam Mudd, a student at West Herts College, pleaded guilty to launching DDoS attacks against his college, while Paras Jha, a student at Rutgers University, pleaded guilty to launching DDoS attacks against his university.
These college and university students don’t just target their own schools. In April 2017, Adam Mudd received a 2-year jail sentence for running “Titanium Stresser”, a DDoS-for-hire service that launched 1.7 million DDoS attacks against victims worldwide.
In December 2017, Jha, with two college-age friends, pleaded guilty to creating the Mirai botnet. Jha’s group compromised hundreds of thousands of IoT devices using 62 common default login details and used them as a botnet, or zombie army, to conduct a number of powerful DDoS attacks.
According to the U.S. Department of Justice, Jha’s involvement with the Mirai botnet ended when he posted the source code for Mirai on a criminal forum in the fall of 2016. In October 2016, internet infrastructure company Dyn became a target of DDoS attacks, which brought down a big chunk of the internet on the U.S. east coast. The DDoS attacks against Dyn temporarily took offline major websites, such as Amazon, Twitter and Netflix. “We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets,” Dyn said in a statement.
The Jisc study also showed a significant decrease in DDoS attacks on the Janet Network starting in April 2018. Jisc theorized that this reduction could be a result of Operation Power Off, a coordinated operation conducted by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world.
Operation Power Off took down the DDoS marketplace webstresser.org and resulted in the arrests of the site’s administrators located in the UK, Croatia, Serbia and Canada.
According to the European Union Agency for Law Enforcement Cooperation (Europol), webstresser.org was the world’s biggest marketplace to hire DDoS services, with 4 million recorded attacks as of April 2018.
For as low as EUR 15 a month, individuals with little to no technical knowledge launched crippling DDoS attacks via webstresser.org, Europol reported.
Jisc said that beyond disgruntled college and university students and staff, there are far more serious criminal players at work that these institutions ignore at their peril.
Jisc added that some of these more sophisticated DDoS attacks are designed not just to take an online service offline but also to steal intellectual property, targeting valuable and sensitive information held at these educational institutions.
Preparing for DDoS Attacks
Here are some security measures that can fortify your organization’s IT defenses in case a disgruntled student, a staff member or other criminal elements decide to launch a DDoS attack against your organization:
Look for abnormal incoming traffic, including sudden rises in traffic and visits from suspicious IP addresses and geolocations. These could all be indicators that criminal elements are testing your organization’s IT defenses prior to conducting a crippling DDoS attack or attacks.
Consider conducting your very own DDoS attack against your organization’s IT infrastructure. This simulated cyberattack, known in the cybersecurity community as pen testing, can prepare your organization for when the real DDoS attacks happen.
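One way to implement the first measure above, watching for a sudden rise in incoming traffic and for unfamiliar source addresses, shown as an added example that is not part of the original article. It buckets web-server access-log lines by minute, flags a minute far above the recent median, and lists the source IPs not seen in the preceding minutes; the log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # source IP, timestamp

def per_minute(lines):
    """Group requests by minute: {minute: Counter(source_ip -> requests)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        buckets[ts.replace(second=0)][m.group(1)] += 1
    return buckets

def find_spikes(lines, window=5, k=6.0, floor=20):
    """Flag minutes far above the median of the previous `window` observed
    minutes and list the sources that did not appear in that window."""
    buckets = per_minute(lines)
    minutes = sorted(buckets)
    alerts = []
    for i in range(window, len(minutes)):
        history = minutes[i - window:i]
        counts = [sum(buckets[m].values()) for m in history]
        base = median(counts)
        # Median absolute deviation; 1.0 avoids a zero threshold on flat traffic.
        mad = median([abs(c - base) for c in counts]) or 1.0
        total = sum(buckets[minutes[i]].values())
        if total >= floor and total > base + k * mad:
            known = set().union(*(buckets[m] for m in history))
            new = sorted(ip for ip in buckets[minutes[i]] if ip not in known)
            alerts.append({"minute": minutes[i].isoformat(), "requests": total,
                           "baseline": base, "new_sources": new})
    return alerts

def build_sample():
    """Constructed log lines (documentation-range IPs), not real traffic."""
    fmt = '{} - - [01/Jan/2024:09:{:02d}:{:02d} +0000] "GET /portal HTTP/1.1" 200 512'
    lines = []
    for minute in list(range(10)) + [11]:       # normal load: 5 requests/minute
        for s in range(5):
            lines.append(fmt.format(f"192.0.2.{10 + s % 2}", minute, s * 10))
    for s in range(60):                          # minute 10: sudden rise
        lines.append(fmt.format(f"203.0.113.{s % 20 + 1}", 10, s))
    return lines

if __name__ == "__main__":
    for alert in find_spikes(build_sample()):
        print(alert)
```

The median-based baseline keeps a single earlier burst from raising the threshold, and the `floor` parameter stops quiet periods from alerting on small absolute changes.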
Steve E. Driz, I.S.P., ITCP