Students and staff could be behind university cyber attacks, data suggests
Timings of incidents at universities and colleges indicate the perpetrators could be from within.
Students and staff could be responsible for cyber attacks on universities and colleges, according to security analysis by a Government-funded agency.
Jisc, which provides universities and colleges with digital support across the UK, say the timings of cyber attacks indicate organised criminals may not always be behind attempts to hack networks of educational institutions.
The organisation said data from the past 12 months showed that attacks peaked during term time, and dropped dramatically during holiday periods over summer, Christmas, Easter and half terms.
These included DDoS (distributed denial of service) attacks, which aim to flood networks with traffic to crash computer systems.
“Or perhaps the bad guys simply take holidays at the same time as the education sector.
“Whichever the case, there’s no point sending a DDoS attack to an organisation if there’s no-one there to suffer the consequences.”
Some attacks started at around 9am, before finishing up between 3pm and 4pm, further fuelling the theory that it could be someone within the universities.
Motivation for cyber attacks on universities is unclear, but Dr Chapman speculates it may be students looking to cause chaos for fun or a disgruntled member of staff.
Although individual cyber criminals are difficult to identify, the organisation has managed to catch some perpetrators over the years, including one incident that lasted for four days and was traced to a student gamer in halls trying to secure an advantage over another player.
In the last academic year, Jisc recorded more than 840 attacks on 189 universities and colleges, an average increase on 2016/17, when 139 institutions were attacked 578 times.
“At this time of year we see an increase in phishing emails targeting students.
“Typically, they will receive an email that appears to be from the student loans company (SLC) which tries to trick them into giving away banking details or their login information to the SLC website.”
