The University of Hertfordshire in the UK has been hit by a cyber-attack that has taken down its entire IT network as well as blocking access to its cloud-based services.
The higher education institution revealed the attack occurred late on Wednesday 14 April in a statement posted on its website earlier today. As a result, all its online classes scheduled today (15 April) have been cancelled.
The statement read: “Shortly before 22:00 last night, the University experienced a cyber-attack which has impacted all of our systems, including those in the Cloud such as Canvas, MS Teams and Zoom. Please be reassured that our IT colleagues are working hard to rectify the situation as soon as possible.
“However, as a result, all online teaching will be cancelled today (Thursday 15 April), and we understand that this may impact students being able to submit assignments. We want to reassure our students that no-one will be disadvantaged as a consequence of this.
“Any in-person, on-campus teaching may still continue today, if computer access is not required, but students will have no onsite or remote access to computer facilities in the LRC’s, labs or the University Wi-Fi.
“We apologise for the inconvenience this situation has caused and will continue to keep you updated. You can check the status of all our systems by visiting https://status.herts.ac.uk/.”
Currently, there are no further details about the nature of the attack, although there has been a sharp rise in ransomware attacks targeting higher education institutions in the last year, partly as a result of additional vulnerabilities brought about by the shift to online learning during COVID-19. Last year in the UK, Newcastle and Northumbria Universities experienced ransomware incidents, causing significant disruption.
Commenting, Jérôme Robert, director at Alsid, explained that there are a range of reasons why universities are forming tempting targets for cyber-criminals.
“Universities are becoming increasingly aware that they are prime targets for cyber-attacks and ransomware. Although universities’ pockets are not as deep as big enterprises, there are numerous characteristics which make them susceptible to attacks of this nature,” he said.
“The sheer size of the student and faculty at a University - in Hertfordshire’s case nearly 28,000 people - makes it incredibly difficult to secure and manage the IT estate. Think of the huge volume of new joiners and leavers each year at universities: IT teams somehow have to manage that process of creating, deleting and managing all those accounts. It’s a never-ending operation to keep all of that neat and tidy, and any oversights such as old accounts not being closed down present risk. On top of this, higher education is currently at heightened risk because of the increase of network activity and general complexity of enabling hybrid learning.”