University of Hertfordshire pulls the plug on, well, everything after cyber attack

Another UK institution topples at the hands of miscreants


The University of Hertfordshire has fallen victim to a cyber attack that has resulted in the establishment pulling all its systems offline to deal with the situation.

The result has been a suspension of all online teaching today and in-person, on-campus teaching only happening if computer access is not required. The university's Wi-Fi is down and there is no student access (either in-person or remote) to its computer facilities.

A look at the British university's status page makes for grim reading. Last updated 12 hours ago (at time of writing) even cloud services, such as Office 365, are disrupted. VPN access and data storage are also offline as well as email and the University Business Systems.

schoolkids point to laptop

And that's yet another UK education body under attack from ransomware: Servers, email, phones yanked offline

READ MORE

The attack started at 22:00 BST on 14 April and the university has been quick to reassure worried students "that no one will be disadvantaged as a consequence of this."

It did not immediately respond to a request for comment by The Register.

Jérôme Robert, director at security company Alsid, highlighted the sad fact that universities were prime targets for miscreants but lacked pockets as deep as some enterprises to deal with the threat.

"The sheer size of the student and faculty at a university – in Hertfordshire's case nearly 28,000 people – makes it incredibly difficult to secure and manage the IT estate," he said. "Think of the huge volume of new joiners and leavers each year at universities: IT teams somehow have to manage that process of creating, deleting and managing all those accounts. It's a never-ending operation to keep all of that neat and tidy, and any oversights such as old accounts not being closed down present risk.

"On top of this, higher education is currently at heightened risk because of the increase of network activity and general complexity of enabling hybrid learning."

Hertfordshire is not alone. Newcastle and Northumbria universities have both recently received attention from criminals. Schools were not immune either – last month The Harris Federation, a nonprofit running primary and secondary schools, was forced to shut down servers and pull email and telephones offline while it dealt with the meddling.

The National Cyber Security Centre recently reported an increased number of attacks against UK places of education. It seems very likely that the University of Hertfordshire will not be the last. ®


Biting the hand that feeds IT © 1998–2021