A distributed denial-of-service (DDoS) attack on Infinite Campus, an educational software provider that houses the parent portal for Oklahoma City Public Schools, created access issues for those parents trying to connect to the district's student information system.
While this was not the first attack on Infinite Campus, district spokeswoman Beth Harrison told NewsOK that the most recent attacks were greater than any it had previously experienced in both volume and duration. "The latest series of attacks began Monday, September 17, and included multiple customers and data centers. Homeland Security is now involved and Infinite Campus has hired additional security experts to assure all data is safe and to track down the attack perpetrators."
In an announcement to parents explaining the cause of the access issues, the Oklahoma City Public Schools wrote, “Please note that NO student data was stolen or breached. This attack just causes the service to be very slow or unresponsive. Many districts across the country are impacted and authorities are investigating. We’ll provide updates as soon as we have them. Thanks for your patience!”
The attack comes at the beginning of a new school year, and while the motive is unclear at this point, attackers often have myriad objectives when orchestrating these types of attacks.
According to recent research from Corero Network Security, during the first half of 2018 DDoS attacks increased 40% from Q2 2017 to Q2 2018. “This highlights the increasing need for organizations that rely on high levels of online availability to ensure they include the latest always-on, real-time, automatic DDoS protection in their defenses,” said Sean Newman, director product management, Corero Network Security.
“The key point is that such a critical service is able to be taken down by what is now a relatively cheap-and-simple-to-launch attack vector. It’s good to see that a strong emphasis is being placed on the privacy of any data being held, but that doesn’t help with the disruption and inconvenience caused when such a vital service is down for an extended period of time.”
Many online services are delivered by third parties such as Infinite Campus, and when these service providers are targeted with DDoS or other attacks, their customers feel the impact. “The attack on Oklahoma City’s student information system is just another example of just how many services, which are increasingly provided online for reasons of cost, efficiency and scalability, are delivered without adequate resiliency to distributed denial-of-service attacks,” said Newman.